S/MIME keys (was: What Are Some Good Projects For Novices?)
Paul Rubin
phr-n2001 at nightsong.com
Mon Aug 27 16:41:10 EDT 2001
"Steve Holden" <sholden at holdenweb.com> writes:
> > Browser CRL checking (at least in MSIE 5.x) works by checking incoming
> > certificates against a CRL at the CA, from what I understand.
>
> That may well be the case, but to check the CRL a browser is under no
> obligation to report the URL for which the check is being performed. So you
> can't track people by access to the CRL like DoubleClick do with access to
> ad graphics (and even that only works when the client sends the "Referer:"
> HTTP header).
I'm talking about what browsers actually do, not what they might
conceivably be programmed to do. No they don't report the specific
URL. But they do have to identify the certificate, which says what
the host is. That's generally most of the interesting info.
More information about the Python-list
mailing list