[thelist] inaddr arpa, AOL, SSL
Anthony Baratta
Anthony at Baratta.com
Tue Apr 17 17:31:37 CDT 2001
At 02:45 PM 4/17/2001, you wrote:
> == I believe you. But... :) When I ask the server for it's
> credentials
>(client --> server) via ip, it tells me it's www2.somedomain.com. To make
>an SSL connection, don't I then need to verify that www2.somedomain.com is
>who it says it is by doing a reverse lookup? If not, couldn't joe schmoe
>ISP then change it's dns records to point to itself and then steal credit
>card numbers from a supposedly secure site?
Welp, you got me there. ;-)
That makes sense, but I'm still not sure. However its a perfectly
reasonable place to start trouble shooting.
You might want to use "dig" to compare the DNS entries on the two sites to
make sure they are configured the same.
----
Anthony Baratta
President
Keyboard Jockeys
More information about the thelist
mailing list