Non-English Domain Names Likely Delayed
Joe Abley
jabley at isc.org
Tue Jul 19 02:41:22 UTC 2005
On 18 Jul 2005, at 18:43, Jason Sloderbeck wrote:
> I don't know of any other IEEE/NANOG/IETF/ICANN-sanctioned method to
> completely confuse even a savvy IT user who is trying to determine the
> validity of an SSL site.
>

If I was feeling especially cynical (and hey, who isn't on a Monday?)
I'd say that the validity of an SSL site is a lot harder to judge
than people think, and a savvy IT user would do well to trust very
few of them.

For a well-known common name with a global reputation, you might have
a reasonable expectation that a successful wander down a certificate
chain might be worth trusting: a CA would have to be fairly remiss to
issue a certificate to some random customer who claimed to be Amazon
or Microsoft (or Amäzon or Micrøsoft, for that matter).

However, when it comes to a web store whose name isn't well-known,
"good certificate" frequently means little more than "the operator of
the site is able to mark up some letterhead and send a fax".

And of course, nobody here would be guilty of clicking "accept" on a
warning that the validity of a self-signed certificate cannot be
determined. Thought not.

Maybe a bit of healthy distrust is overdue for injection into the CA
economy.

Joe