undefined | Better HN

0 pointsAnthonyMouse10y ago0 comments

If it says "bankofamericaa.com" your alarm bells should start ringing. Even assuming the attacker can't get a certificate for the right country, how is the user expected to notice (and understand) the wrong country code if they can't notice the wrong domain name?

0 comments

realityking10y ago

I'd argue it's at least simpler to notice since it's more readable - it has spaces between words.

AnthonyMouseOP10y ago

Notice that by this point the claimed benefit of the EV cert has lost all connection to the validation process and is now solely an artifact of the impermissibility of spaces in host names.

j / k navigate · click thread line to collapse

0 pointsAnthonyMouse10y ago0 comments

0 comments

realityking10y ago

I'd argue it's at least simpler to notice since it's more readable - it has spaces between words.

AnthonyMouseOP10y ago

Notice that by this point the claimed benefit of the EV cert has lost all connection to the validation process and is now solely an artifact of the impermissibility of spaces in host names.

j / k navigate · click thread line to collapse