Public Key Infrastructure: An Artifact...
Bram Cohen
bram at gawth.com
Sat Nov 18 13:59:09 PST 2000
On Sat, 18 Nov 2000, Ben Laurie wrote:
> Bram Cohen wrote:
> >
> > Unless that problem is fixed, man in the middle is hardly made more
> > difficult - for example, Mallory could break into some random machine on
> > the net and steal it's public key, then hijack local DNS and when someone
> > goes to amazon.com redirect them to amazon.hackeddomain.com, and then
> > proxy to amazon.com - now even SSL says the connection is safe.
>
> Yes, and Mallory can't read the data - so what was the point?
Yes he can - he's presenting the key for hackeddomain.com, which he stole,
so he's quite capable of reading requests sent for it.
-Bram Cohen
More information about the Testlist
mailing list