There are two ways to target MITM attacks.
First is the attack against the user, sending everything destined for
TLS (either via HTTP proxy or via port-forwarding techniques) from the
user's machine to the attacker.
Second is the attack against the server, sending network traffic
destined for the s
Kyle Hamilton wrote:
The basic idea for querying this would be as follows: hash the Subject
and each/all SANs in the certificate, and query for that hash (perhaps
to a web service). If there's a match,
Would I as an attacker use a perfect Subject / SAN that would leave
itself easily matcha
On 11/08/2008 10:50 PM, Kyle Hamilton:
I would have no problem with changing the chrome when people step
outside of the assurances that Firefox tries to provide. I /do/ have
a problem with removing the ability for users to try to self-organize
their own networks. (The threat model is different,
Because you're assuming that everything that occurs in this world
exists in a corporate environment, Eddy. That is the environment
where CAs flourish, where CAs thrive, where CAs can do what they're
best at -- *because all authority and trust trickles down from the
corporation, a tool used to help