ietf
[Top] [All Lists]

Re: [TLS] [certid] [secdir] secdir review of draft-saintandre-tls-server-id-check-09

2010-09-23 12:35:54
On 09/22/2010 01:31 PM, ArkanoiD wrote:
> BTW, slightly offtopic here: whenever i connect to gmail.com, i get
> certificate for mail.google.com. But i've yet to see any web browser
> to complain! Where is the magic?

On 09/22/2010 02:37 PM, Marsh Ray wrote:

Hopefully I'm overlooking something simple, but at first glance it would
seem like either of these two conditions are true:

1. Multiple vendors are putting some kind of override table in their
browsers with an entry for gmail.com.

This search
http://mxr.mozilla.org/mozilla1.9.2/search?string=[^%40]gmail.com&regexp=1&hitlimit=&tree=mozilla1.9.2

Doesn't return any hits. That search page is a little tricky though. It kept wanting to change my "^@" to "\0"! :-)

Which suggests that:
2. Browsers are running script from badly authenticated sources.

- Marsh
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf