[tor-talk] How evil is TLS cert collection?
tagnaq
tagnaq at gmail.com
Sat Jun 4 20:19:12 UTC 2011
On 06/04/2011 12:37 PM, tagnaq wrote:
> IP address and hostname (and cert.) of intranet-server1.example.com
> using a valid certificate *.example.com will be published even if the
> first two options in the "advanced options" are enabled. Is that correct?
> In such scenarios I'm not worried about the certificate being submitted
> but the hostname and IP address (domain and server_ip arguments).
To make this example clearer:
The internal DNS resolves intranet-server1.example.com to a public IP
address (non-RFC1918). The public DNS does not resolve this hostname
(split DNS).