by n0w
3439 days ago
I don't believe it's reasonable to expect a CA to police the content of a domain that they have issued a certificate for. As the original article points out, you can perform these kinds of attacks with any address by setting up subdomains ("https://www.paypal.com.safe.com" looks pretty similar to "https://www.paypal.com" to most users). I personally think this is an issue with the browser UI/UX as it currently stands. "Secure" sends the wrong message to your average user. I would like to see something like the prominent display of the second/third level domain at the top of every browser tab (depending on the TLD). i.e. "ycombinator.com", "paypal.com", etc.
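The following is an added example, not part of the comment above: a sketch of how a browser could derive the second- or third-level domain to display from a URL. The function name `registrableDomain` and the small suffix set are assumptions made for illustration; a real implementation would load the full Public Suffix List, including its wildcard and exception rules.

```javascript
// Constructed stand-in for the Public Suffix List (publicsuffix.org).
const SAMPLE_SUFFIXES = new Set(["com", "org", "uk", "co.uk", "au", "com.au"]);

// Returns the registrable domain (public suffix plus one label) of a URL,
// the host itself for IP literals, or null when nothing is registrable.
function registrableDomain(urlString, suffixes = SAMPLE_SUFFIXES) {
  // URL parsing lowercases the host and converts IDNs to punycode.
  const host = new URL(urlString).hostname.replace(/\.$/, "");
  // IP literals have no registrable domain; show them unchanged.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[")) {
    return host;
  }
  const labels = host.split(".");
  // Scan from the longest candidate suffix to the shortest, so "co.uk"
  // is matched before "uk".
  for (let i = 0; i < labels.length; i++) {
    if (suffixes.has(labels.slice(i).join("."))) {
      // i === 0 means the host is itself a public suffix.
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  // Default rule: for an unlisted TLD, the last label is the suffix.
  return labels.length >= 2 ? labels.slice(-2).join(".") : null;
}

// Constructed sample URLs, including the two from the comment.
const samples = [
  "https://www.paypal.com",
  "https://www.paypal.com.safe.com",
  "https://news.ycombinator.com/item?id=1",
  "https://shop.example.co.uk/basket",
];
for (const url of samples) {
  console.log(`${registrableDomain(url)}  <-  ${url}`);
}
```

For the two addresses in the comment, the label shown would be "paypal.com" and "safe.com" respectively, which makes the difference visible even though both URLs begin with "www.paypal.com".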