[ih] Funny how things work out

Carsten Bormann cabo at tzi.org
Mon Feb 1 13:06:03 PST 2021

DNS names also play one additional role:

They are used in certificates to stand for an end system (really: organizational) identity.

Users are supposed to look at their browsers’ address lines and verify that they are talking to the right site before they give up their credit card numbers, passwords etc.  Browsers have started supporting this by hiding any other part of the URI to various levels (greying out, completely hiding).  Browsers have also started torpedoing more reliable forms of identity checking, such as company names in EV (extended validation) certificates.

That check of course requires that the users can understand the DNS name and detect a fake (e.g., typo-based) DNS name.

How do I know that I get a valid firefox version from getfirefox.com and not from firefox.download (yes, that domain name is available!?)?

Grüße, Carsten

More information about the Internet-history mailing list