by superuser2
3933 days ago
We don't have humans in the loop for issuing certificates; this can and has been exploited for fun and profit, with fun attacks like getting a cert for "citibank.com\0.mydomain.com" which used to trick the C strcmp in most browser certificate checking routines. Moxie has an entertaining talk: https://www.youtube.com/watch?v=MFol6IMbZ7Y Your problem would be getting people to "thecitibank.com." Chrome, Firefox, and Gmail would all eventually figure out it was a phishing site and warn users about clicking through to it.
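The strcmp behaviour mentioned in the comment above, as an added example that is not part of the original comment or any browser's code: a C-string comparison stops at the embedded NUL, while a length-aware check rejects the name. The struct and function names are hypothetical and the sample names are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical type: a certificate name as a decoder returns it,
 * raw bytes plus an explicit length (not a C string). */
struct cert_name { const unsigned char *data; size_t len; };

/* Flawed pattern: treats the name as a C string, so the comparison
 * ends at the first NUL byte and the rest of the name is ignored. */
int match_cstring(const struct cert_name *cn, const char *host) {
    return strcmp((const char *)cn->data, host) == 0;
}

/* Length-aware check: refuse any name containing a NUL, require equal
 * lengths, then compare every byte case-insensitively. */
int match_length_aware(const struct cert_name *cn, const char *host) {
    size_t hlen = strlen(host);
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;                      /* no valid DNS name holds a NUL */
    if (cn->len != hlen)
        return 0;
    for (size_t i = 0; i < hlen; i++)
        if (tolower(cn->data[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

/* Constructed samples: the name quoted in the comment (26 bytes, NUL at
 * offset 12) and an ordinary name for comparison. */
static const unsigned char NUL_NAME[] = "citibank.com\0.mydomain.com";
static const unsigned char PLAIN_NAME[] = "citibank.com";
static const struct cert_name EMBEDDED = { NUL_NAME, sizeof(NUL_NAME) - 1 };
static const struct cert_name PLAIN = { PLAIN_NAME, sizeof(PLAIN_NAME) - 1 };

int main(void) {
    const char *host = "citibank.com";
    printf("embedded NUL, strcmp:       %d\n", match_cstring(&EMBEDDED, host));
    printf("embedded NUL, length-aware: %d\n", match_length_aware(&EMBEDDED, host));
    printf("plain name,   length-aware: %d\n", match_length_aware(&PLAIN, host));
    return 0;
}
```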