Description

This article is from the Secure Sockets Layer Discussion List FAQ, by Shannon Appel SAppel@consensus.com with numerous contributions by others.

5.4) When comparing a URL against the common name of the certificate, why don't you do a reverse-DNS lookup?

DNS is not a secure name service, and trying to treat it like one
could be a security hole. The purpose of checking the common name
against the URL is to make sure that at least the user's expectation
of what site the user is visiting is not compromised.

Continue to:

prev: 5.3) I am distributing load on several different web servers and I don't want to have to have a different certificate for each. How can I do this?
Index
next: 5.5) Does Netscape require hierarchical naming (that is, distinguished names) for its certificates?

Share and Enjoy

Bookmark this story so others can enjoy it:


	stason.org

	Articles
	Development
	Books
	Teaching
	Photography
	Bits and Pieces
	TULARC
	Contact Us
	Site Map


	Favorites

	Free Online Books
	Meta Religion
	Travel Blogs
	StasoSphere
	Healing Info
	Article Collection
	Practical mod_perl
	mod_perl2 Book
	MailChannels

		Articles / TULARC / Security / SSL Discussion List /







		5.4) When comparing a URL against the common name of the certificate, why don't you do a reverse-DNS lookup?


	Search

5.4) When comparing a URL against the common name of the certificate, why don't you do a reverse-DNS lookup?

Description

5.4) When comparing a URL against the common name of the certificate, why don't you do a reverse-DNS lookup?

Share and Enjoy

Tags