[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL Man-in-the-middle

To: [email protected] (Simon Spero)
Subject: Re: SSL Man-in-the-middle
From: Jeff Barber <[email protected]>
Date: Mon, 25 Sep 1995 17:12:20 -0400 (EDT)
Cc: [email protected], [email protected], [email protected]
In-Reply-To: <Pine.SOL.3.91.950925124443.359B-100000@chivalry> from "Simon Spero" at Sep 25, 95 12:55:25 pm
Sender: [email protected]

Simon Spero writes:

> Exactly - the trust model used in Navigator 1.1N requires you to trust 
> every single owner of a valid certificate. Getting hold of any key is 
> vastly easier than having to obtain a specific key; in the worst case, 
> you just buy your own - SSL exchanges are repudiable, and a few simple 
> tricks can make sure you cerificiate doesn't show up in the "Document 
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Information" dialog box.

I'd appreciate some documentation for this, please.  How can you make
this happen?


-- Jeff

References:
- Re: SSL Man-in-the-middle
  - From: Simon Spero <[email protected]>

Prev by Date: Re: Netscape as vehicle for cypherpunk agenda/the cypherpunk bully pulpit
Next by Date: Re: "random" number seeds vs. Netscape
Prev by thread: Re: SSL Man-in-the-middle
Next by thread: Re: SSL Man-in-the-middle
Index(es):
- Date
- Thread