[openssl-users] Question on necessity of SSL_CTX_set_client_CA_list

Michael Ströder michael at stroeder.com
Sat Dec 8 11:58:46 UTC 2018

On 12/7/18 11:44 PM, Michael Wojcik wrote:
> Homograph attacks combined with phishing would be much cheaper and
> easier. Get a DV certificate from Let's Encrypt for anazom.com or
> amazom.com, or any of the Unicode homograph possibilies>
> Part of the point of EV certificates was supposed to be making the
> difference in trust visible to end users.
And how do you avoid such homograph attack on subject DN attribute "O"
(organization's name) when display the holy EV green sign?

=> EV certs also don't help in this case.

Also in case of amazon.com most users know the pure domain name but not
the *exact* company name, not to speak of the multitude of names of all
the subsidiaries.

Ciao, Michael.

More information about the openssl-users mailing list