RE: how can you verify that the site you get is not a fake?

["bruce" <bedouglas earthlink net>]

ssl certs don't allow you, the user to know if you're at the right site!!
unless it's not possible to fake the information returned by the server to
the client. i suspect that the information stream is easily faked...

my question.. how do you know that paypal.com.. ia actually paypal.com
(paypal), and not a carefuly crafted fake!

-bruce



-----Original Message-----
From: fedora-list-bounces redhat com
[mailto:fedora-list-bounces redhat com]On Behalf Of Matthew Miller
Sent: Sunday, June 05, 2005 3:15 PM
To: For users of Fedora Core releases
Subject: Re: how can you verify that the site you get is not a fake?


On Sun, Jun 05, 2005 at 01:37:19PM -0700, bruce wrote:
> if i go to a site, how can i verify that the site that's displayed is
really
> the 'correct' site. is there a way to actually 'get' the ip address, and
> then to determine if that ip address actually matches up to the 'owner' of
> the site i'm looking at....
> any thoughts/ideas/etc...

There's really not an absolutely good way to do this. The best we've got is
SSL server certificates.

--
Matthew Miller           mattdm mattdm org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>
Current office temperature: 80 degrees Fahrenheit.

--
fedora-list mailing list
fedora-list redhat com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list