SSL man-in-the-middle attacks
Posted Dec 29, 2008 10:13 UTC (Mon) by TRS-80
In reply to: SSL man-in-the-middle attacks
Parent article: SSL man-in-the-middle attacks
What no browser implements, AFAIK, is automagic display of who a valid certificate authenticates. I could register a domain name and get an SSL certificate. Only those suspicious enough to check the certificate would notice the authenticated domain was not what the HTML indicated.
Extended Validation (EV) certificates are supposed to solve this - the browser displays the registered company name in the UI (examples in IE, FF and Safari).