[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] self signed certificate warnings
- Subject: Re: [cobalt-security] self signed certificate warnings
- From: cobalt@xxxxxxxxxxxxx
- Date: Wed, 20 Feb 2002 16:32:09 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On 20 Feb 2002 at 10:38, Matthew Nuzum wrote:
> I know of ONE way that will take care of this problem definitively, and
> that is to buy a wildcard cert from Thawte. However, they now charge
> per domain, which is extremely limiting to me.
>
> I have heard that you can send a special mime-encoded file to newer
> browsers that will allow them to add me to their list of trusted
> authorities. Maybe this is a rumor, or maybe this is a complete
> mis-understanding on my part. It sounds intriguing to me though.
>
> Has anyone tried this? I'd search the Internet, but I'm somewhat at a
> loss for what to even search for.
This would be completely against the idea of trusted certificates and would be a big
security hole.
Im not saying it doesn't exist though ;)
There were some threads in Bugtraq similar to this, from memory, the browsers
involved were IE on Windows and Konquer in KDE on linux.
Try searching at
http://www.securityfocus.com
for
IE https certificate attack
Regards
Ian