[cryptography] yet another certificate MITM attack

Thierry Moreau thierry.moreau at connotech.com
Fri Jan 11 12:20:53 EST 2013


Jeffrey Walton wrote:
>>
>> How do we teach developers to differentiate between the good
>> "men-in-the-middle" vs the bad "man-in-the-middle"?
>>

According to another post by Peter, good ones would be based on 
anonymous D-H.

> 
> Perhaps they should be using the evil bit in the TCP/IP header to
> indicate someone (or entity) is tampering with the secure channel?
> https://tools.ietf.org/html/rfc3514.
> 

That's an April 1st RFC!

Oh, maybe this whole thread is a bit in advance with the calendar.

More seriously, I agree that the questions raised by Jeffrey are 
relevant, and I support his main point. End-to-end security should make 
some sense, even today.

Regards,

-- 
- Thierry Moreau



