[cryptography] yet another certificate MITM attack
thierry.moreau at connotech.com
Fri Jan 11 12:20:53 EST 2013
Jeffrey Walton wrote:
>> How do we teach developers to differentiate between the good
>> "men-in-the-middle" vs the bad "man-in-the-middle"?
According to another post by Peter, good ones would be based on
> Perhaps they should be using the evil bit in the TCP/IP header to
> indicate someone (or entity) is tampering with the secure channel?
That's an April 1st RFC!
Oh, maybe this whole thread is a bit in advance with the calendar.
More seriously, I agree that the questions raised by Jeffrey are
relevant, and I support his main point. End-to-end security should make
some sense, even today.
- Thierry Moreau
More information about the cryptography