Michael Vincent van Rantwijk, MultiZilla wrote:
[...]
>
> What is the key difference here? Why can't you read authenticated
> encrypted data but unauthenticated encrypted data?
>
> p.s. you are assuming that the server certificate is safe at all time,
> which it isn't.

       UserKey      MITMkey
      -------->    -------->
User             MITM          Server
      <--------    <--------
       MITMkey     ServerKey

Presumably it's the difference between:

User: "OK!"

... and ...

User: "Wait, your cert. said to consult with the Verisign CA, and they
said to look for ServerKey instead of MITMkey. Something's fishy."

Best regards,
Jeremy Morton (Jez)
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
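The key substitution in the diagram above, as an added example that is not part of the original message: a simulation of the same exchange with and without the user checking the key it received against the one the CA vouches for. The toy Diffie-Hellman group, the XOR cipher, the `ca_directory` lookup and the name `server.example` are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration (far too small for real use).
P = 2**64 - 59  # prime
G = 5

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).digest()

def xor_cipher(key, data):
    # Toy stream cipher: XOR with a SHA-256 keystream (same call encrypts and decrypts).
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def handshake(authenticate, mitm_present, message=b"hello server"):
    """Return (user_sent_data, mitm_read_plaintext) for one simulated session."""
    user_priv, user_pub = keypair()
    server_priv, server_pub = keypair()
    # Hypothetical stand-in for "consult the CA": the key the CA vouches for.
    ca_directory = {"server.example": server_pub}

    if mitm_present:
        mitm_priv, mitm_pub = keypair()
        key_seen_by_user = mitm_pub      # MITMkey arrives in place of ServerKey
    else:
        key_seen_by_user = server_pub

    # Authenticated case: compare the received key with the CA's answer.
    if authenticate and key_seen_by_user != ca_directory["server.example"]:
        return False, False              # "Something's fishy": nothing is sent

    ciphertext = xor_cipher(session_key(user_priv, key_seen_by_user), message)
    if mitm_present:
        # The traffic is encrypted, but to the key the MITM supplied.
        recovered = xor_cipher(session_key(mitm_priv, user_pub), ciphertext)
        return True, recovered == message
    assert xor_cipher(session_key(server_priv, user_pub), ciphertext) == message
    return True, False

if __name__ == "__main__":
    for auth in (False, True):
        for mitm in (False, True):
            print(f"authenticate={auth} mitm={mitm} ->", handshake(auth, mitm))
```
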