ssl certs don't allow you, the user to know if you're at the right site!! unless it's not possible to fake the information returned by the server to the client. i suspect that the information stream is easily faked... my question.. how do you know that paypal.com.. ia actually paypal.com (paypal), and not a carefuly crafted fake! -bruce -----Original Message----- From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of Matthew Miller Sent: Sunday, June 05, 2005 3:15 PM To: For users of Fedora Core releases Subject: Re: how can you verify that the site you get is not a fake? On Sun, Jun 05, 2005 at 01:37:19PM -0700, bruce wrote: > if i go to a site, how can i verify that the site that's displayed is really > the 'correct' site. is there a way to actually 'get' the ip address, and > then to determine if that ip address actually matches up to the 'owner' of > the site i'm looking at.... > any thoughts/ideas/etc... There's really not an absolutely good way to do this. The best we've got is SSL server certificates. -- Matthew Miller mattdm@xxxxxxxxxx <http://www.mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/> Current office temperature: 80 degrees Fahrenheit. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
