- From: George Staikos <staikos@kde.org>
- Date: Sun, 21 Jan 2007 22:20:30 -0500
- To: W3 Work Group <public-wsc-wg@w3.org>
www.usair.com was pushing out the certificate for www.usairways.com this weekend. If high-profile sites like this are screwing up this badly, perhaps we need to take action on the UA side. I really feel comfortable with the idea of completely blocking access to sites with misconfigured certificates like this. Unfortunately it's another case of "we have to break all the browsers simultaneously". On 9-Jan-07, at 11:50 AM, Thomas Roessler wrote: > > Another in the "specific interactions" department. > > Alice tries to connect to a web site at <https://www.example.com/>. > Her user agent's TLS implementation detects that the domain name > present in the certificate differs from www.example.com. > > Regards, > -- > Thomas Roessler, W3C <tlr@w3.org> > -- George Staikos KDE Developer http://www.kde.org/ Staikos Computing Services Inc. http://www.staikos.net/
Received on Monday, 22 January 2007 06:34:30 UTC