18 Nov
2000
18 Nov
'00
5:28 p.m.
On Sat, 18 Nov 2000, Ben Laurie wrote:
Bram Cohen wrote:
Unless that problem is fixed, man in the middle is hardly made more difficult - for example, Mallory could break into some random machine on the net and steal it's public key, then hijack local DNS and when someone goes to amazon.com redirect them to amazon.hackeddomain.com, and then proxy to amazon.com - now even SSL says the connection is safe.
Yes, and Mallory can't read the data - so what was the point?
Yes he can - he's presenting the key for hackeddomain.com, which he stole, so he's quite capable of reading requests sent for it. -Bram Cohen