Extended validation certificates
Posted Nov 4, 2006 1:14 UTC (Sat) by giraffedata (subscriber, #1954)
In reply to: Extended validation certificates by pimlott
Parent article: Extended validation certificates
For those that don't catch what pimlott is implying: As part of https session negotiation, the server supplies its domain name and the browser verifies that it's the same name you typed into the browser. So DNS and IP routing find the server but don't establish its identity in any way.
Verisign supplies a certificate that's supposed to convince you that whoever is running the server that claims to be acme.com is the company named Acme. But even if you don't believe Verisign verified that, you probably believe that Verisign didn't hand out certificates for acme.com to two different people, and you know Acme Bank didn't publish that URL until it had a certificate for acme.com in hand.
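The name check described in the comment above, as an added example that is not part of the original post: a client compares the name the user typed against the names in the certificate the server presented, so a server reached through wrong DNS or routing fails unless it holds a certificate for that exact name. The certificate dicts are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; `acme-login.example` and the helper names are assumptions, and only `subjectAltName` DNS entries are consulted.

```python
def _dns_name_match(pattern: str, host: str) -> bool:
    """Compare one certificate dNSName with the host name the user typed."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "*" in ".".join(p[1:]):
        return False  # a wildcard covers one label, and only the leftmost
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" can never match.
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in p[0] and p == h


def name_matches(cert: dict, typed_host: str) -> bool:
    """True if the presented certificate names the host the user typed."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(_dns_name_match(n, typed_host) for n in dns_names)


# Constructed sample: certificate held by the real operator of acme.com.
ACME_CERT = {
    "subject": ((("commonName", "acme.com"),),),
    "subjectAltName": (("DNS", "acme.com"), ("DNS", "*.acme.com")),
}
# Constructed sample: a valid certificate, but issued for a different name.
# This is what a server reached via bad DNS or routing could present.
OTHER_CERT = {
    "subject": ((("commonName", "acme-login.example"),),),
    "subjectAltName": (("DNS", "acme-login.example"),),
}

if __name__ == "__main__":
    for label, cert in (("ACME_CERT", ACME_CERT), ("OTHER_CERT", OTHER_CERT)):
        for host in ("acme.com", "www.acme.com", "a.b.acme.com"):
            verdict = "accept" if name_matches(cert, host) else "reject"
            print(f"typed {host:<14} server presents {label:<10} -> {verdict}")
```

In a real client this comparison is done by the TLS library (in Python, an `ssl.SSLContext` with `check_hostname` enabled), after the certificate chain itself has been validated.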