What happened with the session fixation bug?

James A. Donald jamesd at echeque.com
Sat May 7 14:03:07 PDT 2005

PKI was designed to defeat man in the middle attacks
based on network sniffing, or DNS hijacking, which
turned out to be less of a threat than expected.

However, the session fixation bugs
http://www.acros.si/papers/session_fixation.pdf make
https and PKI worthless against such man in the middle
attacks.  Have these bugs been addressed?

         James A. Donald

The Cryptography Mailing List