On 12/01/2011 11:11 PM, Sampo Syreeni wrote:

On 2011-12-01, Randall Webmail wrote:

...

I am an almost-complete greenie WRT crypto, which is why I'm here to learn.

What is the proper thing to do when one of those things pops up? (It is NOT a rare event).

They mostly mean you no harm.

You don't know that. For all we know, Randall Webmail is someone who posted something derogatory about the King or El Presidente and when the Honor Police get on his Facebook they're going to round up all his friends along with him. Or he's sitting comfortably in his quite suburban home and he happens to have one of the estimated 1M home routers that are pwned or 1M PCs with the dnschanger trojan and his banking session is being redirected to a hostile server. http://www.eweek.com/c/a/Security/Researchers-Discover-Link-Between-TDSS-Roo...

So just accept/except.

This is not good advice.

But always bear in mind that it *could* be a man-in-the-middle attack.

All legitimate secure sites have a valid certificate, or the site is horribly broken. If you ask for a secure site, and are presented with a certificate that was not issued to the legitimate site, it *is* a man-in-the-middle attack, by definition. Just because you're staying in a hotel does not mean that you must allow that hotel to intercept your secure communications. Furthermore, you probably have know way of knowing that it even is the hotel that's intercepting you. Hotel networks are not known for themselves being secure, and authentication systems tend not to degrade gracefully. - Marsh _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE