https://lwn.net/Articles/8016/ This is a special feed containing comments posted to the individual LWN article titled "Konqueror and digital certificates". en-us Fri, 05 Sep 2025 17:50:10 +0000 Fri, 05 Sep 2025 17:50:10 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net https://lwn.net/Articles/8365/ https://lwn.net/Articles/8365/ hcobb I think your article is missing part of the point that the Register brought to light.<p>SSL "security" backs up DNS (which isn't very secure).<p>In order to exploit this IE/Konqueror flaw the thief in the middle needs to subvert DNS and steal a certificate from elsewhere.<p>The user's browser then says say https://tithe.microsoft.com/ and the little lock shows secure, but the certificate is a fake, signed by the stolen certificate from https://www.clueless_company.com/ is used to falsely sign the fake certificate.<p>So you need to subvert DNS and then you can fool the browser completely and the user would need to look carefully at the certificate details to discover the truth.<p>"The Rooster, crowing at IT's cockups!"<br> Thu, 22 Aug 2002 21:00:44 +0000