On Sun, 19 Nov 2000 [EMAIL PROTECTED] wrote: > > When the user goes to www.amazon.com, they get a plaintext http redirect > > to amazon.hackeddomain.com, which does check. > > Still confused... > > The original connection to www.amazon.com is an SSL connection, right? > We are following an https: URL? (Otherwise, SSL would not even come > into the picture.) No, the attacker interferes with the very first connect to www.amazon.com, probably at the DNS level, and that's almost always done plaintext. -Bram Cohen
- Re: Public Key Infrastructure: An Artifact... R. A. Hettinga
- Re: Public Key Infrastructure: An Artifact... Bram Cohen
- Re: Public Key Infrastructure: An Artifact... Lynn . Wheeler
- Re: Public Key Infrastructure: An Artifact... Lynn . Wheeler
- Re: Public Key Infrastructure: An Artifact... Lynn . Wheeler
- Re: Public Key Infrastructure: An Artifact... Kevin E. Fu
- Re: Public Key Infrastructure: An Artifact... obfuscation
- Re: Public Key Infrastructure: An Artifact... obfuscation
- Re: Public Key Infrastructure: An Artifact... Bram Cohen
- Re: Public Key Infrastructure: An Artifact... Dennis Glatting
- Re: Public Key Infrastructure: An Artifact... Lynn . Wheeler
- Re: Public Key Infrastructure: An Artifact... Ray Dillinger
- Re: Public Key Infrastructure: An Artifact... Bram Cohen
- Re: Public Key Infrastructure: An Artifact... Bram Cohen
- Re: Public Key Infrastructure: An Artifact... Mark Scherling
- Re: Public Key Infrastructure: An Artifact... John Kelsey
