Michael Vincent van Rantwijk, MultiZilla wrote:
[...]
> 
> What is the key difference here?  Why can't you read authenticated 
> encrypted data but unauthenticated encrypted data?
> 
> p.s. you are assuming that the server certificate is safe at all times, 
> which it isn't.

       UserKey        MITMkey
      -------->      -------->
User           MITM           Server
      <--------      <--------
       MITMkey       ServerKey


Presumably it's the difference between:
User: "OK!"

... and ...

User: "Wait, your cert. said to consult with the Verisign CA, and they 
said to look for ServerKey instead of MITMkey.  Something's fishy."

Best regards,
Jeremy Morton (Jez)

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
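
The difference sketched in the diagram above, as an added example that is not part of the original message: the user either accepts whatever key arrives, or checks a CA-signed binding between the server name and its key. The toy RSA parameters, the name `server.example` and all function names are assumptions made for illustration.

```python
import hashlib

# Toy textbook-RSA key for the CA, built from two Mersenne primes. Unpadded and
# far too small for real use; an assumption so the example runs on the stdlib.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # CA private exponent

def binding_digest(name: str, public_key: bytes) -> int:
    """Hash the (name, key) binding to an integer below N."""
    h = hashlib.sha256(name.encode() + b"\x00" + public_key).digest()
    return int.from_bytes(h, "big") % N

def ca_issue(name: str, public_key: bytes) -> dict:
    """CA signs the statement 'this name owns this key'."""
    return {"name": name, "key": public_key,
            "sig": pow(binding_digest(name, public_key), D, N)}

def cert_is_valid(cert: dict, expected_name: str) -> bool:
    """User-side check using only the CA's public values (N, E)."""
    return (cert["name"] == expected_name and
            pow(cert["sig"], E, N) == binding_digest(cert["name"], cert["key"]))

def user_accepts(cert: dict, expected_name: str, authenticate: bool):
    """Return the key the user will encrypt to, or None if rejected."""
    if authenticate and not cert_is_valid(cert, expected_name):
        return None
    return cert["key"]

# Constructed sample data mirroring the diagram's labels.
SERVER_CERT = ca_issue("server.example", b"ServerKey")
# What the user sees with a MITM in the path: same cert, key swapped.
SUBSTITUTED = dict(SERVER_CERT, key=b"MITMkey")

if __name__ == "__main__":
    for auth in (False, True):
        print("authenticate =", auth, "->",
              user_accepts(SUBSTITUTED, "server.example", auth))
```

Without the check the user ends up encrypting to MITMkey; with it, the swapped key no longer matches the CA's signature and the handshake is rejected.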
