- From: Yngve Nysaeter Pettersen <yngve@opera.com>
- Date: Mon, 16 Apr 2007 14:53:19 +0200
- To: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>, "<michael.mccormick" <michael.mccormick@wellsfargo.com>
- Cc: public-wsc-wg@w3.org
On Mon, 16 Apr 2007 14:27:36 +0200, Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com> wrote:

> Which reminds me of an error I was a bit surprised at (though not on
> reflection). I typed in my bank's home page with https, but with .com
> (it's really a .org). So I got an SSL error telling me "the name on the
> security certificate is invalid or does not match the name of the site".
> Neither of which is quite accurate. The cert matches the site that is
> being brought up; I'm just being redirected because I made a common
> mistake. So, oddly, won't all those users used to typing .com get SSL
> errors when redirected to .safe (if https is specified)?

The client is required, by RFC 2818, to check the HTTP hostname against the name(s) of the server in the certificate and warn the user if they do not match.

A certificate can contain multiple hostnames through an extension, or by using a wildcard syntax. Such certificates tend to be more expensive though.

The common mistake is to assign the same IP address to the aliases of a hostname, but forget to make the certificate name all the alternative hostnames.

The TLS ServerName extension (supported by Opera 9) will eventually provide a better method for handling multiple identity servers.

I think the impact of mistakes such as the one Mez made is going to be limited, since most average users do not specify the https part.

--
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone: +47 24 16 42 60               Fax: +47 24 16 40 01
********************************************************************
Received on Monday, 16 April 2007 12:57:35 UTC
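
The hostname check described in the message above, as an added Python example that is not part of the original email or of any browser's code. The certificates and the `bank.example.org` / `bank.example.com` names are constructed placeholders, and the wildcard handling is a conservative assumption (whole leftmost label only, at least two labels after it), stricter than RFC 2818, which also permits partial-label wildcards.

```python
"""Server identity check in the style of RFC 2818 section 3.1 (added example)."""

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate dNSName against the hostname taken from the URL."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label, never several
    if p[0] == "*":
        # Assumption: reject broad patterns such as "*.org" by requiring
        # at least two fixed labels after the wildcard.
        return len(p) >= 3 and bool(h[0]) and p[1:] == h[1:]
    return p == h

def check_server_identity(san_dns_names, common_name, hostname) -> bool:
    """If dNSName entries exist they are authoritative; CN is only a fallback."""
    names = list(san_dns_names) or ([common_name] if common_name else [])
    return any(dns_name_matches(n, hostname) for n in names)

# Constructed certificates, all served from the same IP address.
ORG_ONLY = {"san": ["www.bank.example.org"], "cn": "www.bank.example.org"}
BOTH = {"san": ["www.bank.example.org", "www.bank.example.com"],
        "cn": "www.bank.example.org"}
WILDCARD = {"san": ["*.bank.example.org"], "cn": None}

def verdict(cert: dict, hostname: str) -> str:
    """Return what the client should do for this certificate and typed hostname."""
    ok = check_server_identity(cert["san"], cert["cn"], hostname)
    return "ok" if ok else "name mismatch: warn user"

if __name__ == "__main__":
    cases = [
        ("alias missing from cert", ORG_ONLY, "www.bank.example.com"),
        ("alias listed in cert", BOTH, "www.bank.example.com"),
        ("wildcard, one label", WILDCARD, "www.bank.example.org"),
        ("wildcard, two labels", WILDCARD, "a.b.bank.example.org"),
    ]
    for label, cert, host in cases:
        print(f"{label:26} {host:24} -> {verdict(cert, host)}")
```

The first case is the situation from the thread: the `.com` alias resolves to the same server, but the certificate names only the `.org` host, so the client must warn.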