[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] self signed certificate warnings

Subject: Re: [cobalt-security] self signed certificate warnings
From: cobalt@xxxxxxxxxxxxx
Date: Wed, 20 Feb 2002 16:32:09 -0000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On 20 Feb 2002 at 10:38, Matthew Nuzum wrote:

> I know of ONE way that will take care of this problem definitively, and
> that is to buy a wildcard cert from Thawte.  However, they now charge
> per domain, which is extremely limiting to me.
> 
> I have heard that you can send a special mime-encoded file to newer
> browsers that will allow them to add me to their list of trusted
> authorities.  Maybe this is a rumor, or maybe this is a complete
> mis-understanding on my part.  It sounds intriguing to me though.
> 
> Has anyone tried this?  I'd search the Internet, but I'm somewhat at a
> loss for what to even search for.

This would be completely against the idea of trusted certificates and would be a big 
security hole.  

Im not saying it doesn't exist though ;)

There were some threads in Bugtraq similar to this, from memory, the browsers 
involved were IE on Windows and  Konquer in KDE on linux. 

Try searching at

http://www.securityfocus.com

for 

IE https certificate attack

Regards

Ian

References:
- [cobalt-security] self signed certificate warnings
  - From: Matthew Nuzum

Prev by Date: [cobalt-security] self signed certificate warnings
Next by Date: Re: [cobalt-security] self signed certificate warnings
Previous by thread: [cobalt-security] self signed certificate warnings
Next by thread: Re: [cobalt-security] self signed certificate warnings

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index