[cryptography] SSL is not "broken by design"

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Sep 24 14:28:43 EDT 2011

Ben Laurie <ben at links.org> writes:

>So how about telling us what page X says.

There's no single page X, it starts at page X and goes on to page Y, where 
Y = X + 5-10.

(I can send you a link in private if you want, but it's way too much to post

>So as to steal your password.

Isn't that then a standard phishing site?  What's the new attack here, and why
would it defeat the risk-based assessment?


More information about the cryptography mailing list