CDR: Re: Public Key Infrastructure: An Artifact...
Bram Cohen
bram at gawth.com
Mon Nov 20 14:01:22 PST 2000
On Sun, 19 Nov 2000 obfuscation at beta.freedom.net wrote:
> > When the user goes to www.amazon.com, they get a plaintext http redirect
> > to amazon.hackeddomain.com, which does check.
>
> Still confused...
>
> The original connection to www.amazon.com is an SSL connection, right?
> We are following an https: URL? (Otherwise, SSL would not even come
> into the picture.)
No, the attacker interferes with the very first connect to www.amazon.com,
probably at the DNS level, and that's almost always done plaintext.
-Bram Cohen
More information about the cypherpunks-legacy
mailing list