
Ed Felten of Princeton presented something similar at the DIMACS Network Threats workshop in November 96.
Jim Truitt just posted a link for their paper, which I've linked off my page. Although it incorporates most of the same ground as my stuff, I think I have shown some additional vulnerabilities and (more importantly) some new fixes.

Cheers,
Frank O'Dwyer.

Frank O'Dwyer wrote:
|
| I've written up an attack on SSL server authentication at
|
| http://www.iol.ie/~fod/sslpaper/sslpaper.htm
|
| As far as I am aware, this attack hasn't been written about before.
| It does not attack the SSL protocol or low-level cryptography, but works
| at a higher level in order to persuade users to connect to fake servers,
| with the browser nonetheless giving all the usual appearances of a
| secure session.

-- "It is seldom that liberty of any kind is lost all at once." -Hume