lotus

previous page: 5.3) I am distributing load on several different web servers and I don't want to have to have a different certificate for each. How can I do this?
  
page up: Secure Sockets Layer Discussion List FAQ
  
next page: 5.5) Does Netscape require hierarchical naming (that is, distinguished names) for its certificates?

5.4) When comparing a URL against the common name of the certificate, why don't you do a reverse-DNS lookup?




Description

This article is from the Secure Sockets Layer Discussion List FAQ, by Shannon Appel SAppel@consensus.com with numerous contributions by others.

5.4) When comparing a URL against the common name of the certificate, why don't you do a reverse-DNS lookup?

DNS is not a secure name service, and trying to treat it like one
could be a security hole. The purpose of checking the common name
against the URL is to make sure that at least the user's expectation
of what site the user is visiting is not compromised.

 

Continue to:













TOP
previous page: 5.3) I am distributing load on several different web servers and I don't want to have to have a different certificate for each. How can I do this?
  
page up: Secure Sockets Layer Discussion List FAQ
  
next page: 5.5) Does Netscape require hierarchical naming (that is, distinguished names) for its certificates?