[cryptography] not a Paypal phish using EV certificate
James A. Donald
jamesd at echeque.com
Tue Aug 13 19:16:30 EDT 2013
On 2013-08-14 2:25 AM, Ben Lincoln (F70C92E3) wrote:
> On Tue, August 13, 2013 6:25 am, John Levine wrote:
>> I agree that it was not a great idea for Paypal to invent
>> paypal-communication.com rather than a subdomain of one of their
>> existing well-known domains such as communication.paypal.com.
> Using a different second-level domain is generally a security and/or
> bandwidth-optimization technique.
> It means that cookies for paypal.com aren't sent by the browser with every
> request to paypal-communication.com. This can provide huge inbound
> bandwidth reduction, depending on how cookie-heavy PayPal is.
Although websites often use huge numbers of huge cookies, one can easily
optimize one's cookie use. I can see no reason why anyone would ever
need more than a single 96-bit cookie that is a random number.
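
An added example, not part of the original post: a minimal sketch of the design the reply describes, where the browser carries one 96-bit random cookie and all session state stays on the server. The `SessionStore` class, the `sid` cookie name and the sample state are assumptions made for illustration.

```python
import base64
import secrets
from http.cookies import SimpleCookie

TOKEN_BYTES = 12  # 96 bits, the size named in the post


class SessionStore:
    """Server-side session state keyed by an opaque random token (hypothetical helper)."""

    def __init__(self):
        self._sessions = {}

    def create(self, **state):
        # 12 random bytes encode to exactly 16 base64url characters, no padding.
        raw = secrets.token_bytes(TOKEN_BYTES)
        token = base64.urlsafe_b64encode(raw).decode("ascii")
        self._sessions[token] = dict(state)
        return token

    def set_cookie_header(self, token):
        # Value for a Set-Cookie response header; the cookie carries no state itself.
        cookie = SimpleCookie()
        cookie["sid"] = token
        cookie["sid"]["secure"] = True
        cookie["sid"]["httponly"] = True
        cookie["sid"]["samesite"] = "Strict"
        cookie["sid"]["path"] = "/"
        return cookie["sid"].OutputString()

    def lookup(self, cookie_header):
        """Return the session state for a request Cookie header, or None."""
        cookie = SimpleCookie()
        cookie.load(cookie_header)
        morsel = cookie.get("sid")
        if morsel is None:
            return None
        token = morsel.value
        try:
            raw = base64.urlsafe_b64decode(token.encode("ascii"))
        except (ValueError, UnicodeEncodeError):
            return None
        # Reject anything that is not a well-formed 96-bit token before the lookup.
        if len(token) != 16 or len(raw) != TOKEN_BYTES:
            return None
        return self._sessions.get(token)
```

However much state the server keeps for a session, the request carries only the 16-character token.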