On Sun, 19 Nov 2000 [EMAIL PROTECTED] wrote: > > When the user goes to www.amazon.com, they get a plaintext http redirect > > to amazon.hackeddomain.com, which does check. > > Still confused... > > The original connection to www.amazon.com is an SSL connection, right? > We are following an https: URL? (Otherwise, SSL would not even come > into the picture.) No, the attacker interferes with the very first connect to www.amazon.com, probably at the DNS level, and that's almost always done plaintext. -Bram Cohen
- Re: Public Key Infrastructure: An Artifact... Greg Broiles
- Re: Public Key Infrastructure: An Artifact... Ed Gerck
- Re: Public Key Infrastructure: An Artifact... Greg Broiles
- Re: Public Key Infrastructure: An Artifact... Mac Norton
- Re: Public Key Infrastructure: An Artifact... Ed Gerck
- Re: Public Key Infrastructure: An Artifact... Greg Broiles
- Re: Public Key Infrastructure: An Artifact... Lynn . Wheeler
- Re: Public Key Infrastructure: An Artifact... Bram Cohen
- Re: Public Key Infrastructure: An Artifact... Lynn . Wheeler
- Re: Public Key Infrastructure: An Artifact... Tim May
- Re: Public Key Infrastructure: An Artifact... Bram Cohen
- Re: Public Key Infrastructure: An Artifact... Lynn . Wheeler
- Thank you for contacting us info
- Re: Public Key Infrastructure: An Artifact... Paul Crowley
- Re: Public Key Infrastructure: An Artifact... John Kelsey
- Re: Public Key Infrastructure: An Artifact... Lynn . Wheeler
- Re: Public Key Infrastructure: An Artifact... Eric Murray
