CDR: Public Key Infrastructure: An Artifact...
Bram Cohen
bram at gawth.com
Sun Nov 19 15:46:17 PST 2000
On Sat, 18 Nov 2000 obfuscation at beta.freedom.net wrote:
> Bram Cohen <bram at gawth.com> writes:
> > Unless that problem is fixed, man in the middle is hardly made more
> > difficult - for example, Mallory could break into some random machine on
> > the net and steal its public key, then hijack local DNS and when someone
> > goes to amazon.com redirect them to amazon.hackeddomain.com, and then
> > proxy to amazon.com - now even SSL says the connection is safe.
>
> Are you sure that works? I would think the SSL client would do a
> connection to the URL the user typed, www.amazon.com, and check the
> name in the cert to see if it (approximately) matches.
When the user goes to www.amazon.com, they get a plaintext http redirect
to amazon.hackeddomain.com, which does check.
-Bram Cohen
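
The check discussed in this thread, as an added example that is not part of the original messages: the certificate is matched against the host the browser ends up on, so a defender auditing a recorded redirect chain has to look for a plaintext hop that changes the host. The function name, finding labels and sample chains are hypothetical and constructed from the hostnames used in the thread.

```python
from urllib.parse import urlsplit


def _host(url):
    """Lower-cased hostname of a URL, without a trailing dot."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def audit_redirect_chain(typed_host, chain):
    """Audit the URLs a client fetched, in order, after the user typed a host.

    Returns a list of (label, a, b) findings. An empty list means no
    unauthenticated hop changed the host and the final certificate check
    was made against the name the user typed.
    """
    if not chain:
        raise ValueError("chain must contain at least one URL")
    typed = typed_host.lower().rstrip(".")
    findings = []
    for src, dst in zip(chain, chain[1:]):
        # A redirect delivered over plaintext HTTP is not authenticated, so
        # anyone on the path can choose the host that follows it.
        if urlsplit(src).scheme != "https" and _host(src) != _host(dst):
            findings.append(("unauthenticated-cross-host-redirect", src, dst))
    final = chain[-1]
    # TLS validates the certificate for the final host only; if that is not
    # the typed name, a valid certificate says nothing about the typed name.
    if urlsplit(final).scheme == "https" and _host(final) != typed:
        findings.append(("cert-checked-against-other-name", typed, _host(final)))
    return findings


# Constructed sample chains (not captured traffic).
THREAD_CHAIN = ["http://www.amazon.com/", "https://amazon.hackeddomain.com/"]
SAME_HOST_UPGRADE = ["http://www.amazon.com/", "https://www.amazon.com/"]

if __name__ == "__main__":
    for name, chain in (("thread", THREAD_CHAIN), ("upgrade", SAME_HOST_UPGRADE)):
        print(name, audit_redirect_chain("www.amazon.com", chain))
```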