how can you verify that the site you get is not a fake?
Matthew Miller
mattdm at mattdm.org
Mon Jun 6 12:31:39 UTC 2005
On Sun, Jun 05, 2005 at 09:26:17PM -0700, bruce wrote:
> ssl certs don't allow you, the user to know if you're at the right site!!
> unless it's not possible to fake the information returned by the server to
> the client. i suspect that the information stream is easily faked...
Since it uses reasonably strong cryptography, no, it's not too easy to do
that.
> my question.. how do you know that paypal.com.. is actually paypal.com
> (paypal), and not a carefully crafted fake!
How do you "know" anything? It all comes down to levels of trust. An SSL
certificate signed by a known authority is pretty good -- I don't know of
any cases where that's been subverted.
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
Current office temperature: 80 degrees Fahrenheit.