20 May
2005
20 May
'05
2:34 p.m.
-- PKI was designed to defeat man in the middle attacks based on network sniffing, or DNS hijacking, which turned out to be less of a threat than expected. However, the session fixation bugs http://www.acros.si/papers/session_fixation.pdf make https and PKI worthless against such man in the middle attacks. Have these bugs been addressed? --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG vPV62zjEtpTJHTV5lKXu2Sw+/5fke2gh9AwPeqQj 4oqqXlvYYKn9rR63ZsSEEjgV5fVyWT9+e6YttP3G/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com