SSL Man-in-the-middle
Jeff Barber
jeffb at sware.com
Mon Sep 25 14:13:36 PDT 1995
Simon Spero writes:
> Exactly - the trust model used in Navigator 1.1N requires you to trust
> every single owner of a valid certificate. Getting hold of any key is
> vastly easier than having to obtain a specific key; in the worst case,
> you just buy your own - SSL exchanges are repudiable, and a few simple
> tricks can make sure you cerificiate doesn't show up in the "Document
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Information" dialog box.
I'd appreciate some documentation for this, please. How can you make
this happen?
-- Jeff
More information about the cypherpunks-legacy
mailing list