how can you verify that the site you get is not a fake?
bruce
bedouglas at earthlink.net
Mon Jun 6 04:26:17 UTC 2005
ssl certs don't allow you, the user to know if you're at the right site!!
unless it's not possible to fake the information returned by the server to
the client. i suspect that the information stream is easily faked...
my question.. how do you know that paypal.com.. ia actually paypal.com
(paypal), and not a carefuly crafted fake!
-bruce
-----Original Message-----
From: fedora-list-bounces at redhat.com
[mailto:fedora-list-bounces at redhat.com]On Behalf Of Matthew Miller
Sent: Sunday, June 05, 2005 3:15 PM
To: For users of Fedora Core releases
Subject: Re: how can you verify that the site you get is not a fake?
On Sun, Jun 05, 2005 at 01:37:19PM -0700, bruce wrote:
> if i go to a site, how can i verify that the site that's displayed is
really
> the 'correct' site. is there a way to actually 'get' the ip address, and
> then to determine if that ip address actually matches up to the 'owner' of
> the site i'm looking at....
> any thoughts/ideas/etc...
There's really not an absolutely good way to do this. The best we've got is
SSL server certificates.
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
Current office temperature: 80 degrees Fahrenheit.
--
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
More information about the fedora-list
mailing list