[cryptography] yet another certificate MITM attack

Jeffrey Walton noloader at gmail.com
Fri Jan 11 13:57:58 EST 2013


On Fri, Jan 11, 2013 at 12:20 PM, Thierry Moreau
<thierry.moreau at connotech.com> wrote:
> Jeffrey Walton wrote:
>>>
>>> ...
>> Perhaps they should be using the evil bit in the TCP/IP header to
>> indicate someone (or entity) is tampering with the secure channel?
>> https://tools.ietf.org/html/rfc3514.
>
> That's an April 1st RFC!
>
> Oh, maybe this whole thread is a bit in advance with the calendar.
It needs to be updated for IPv6, too :)

> More seriously, I agree that the questions raised by Jeffrey are relevant,
> and I support his main point. End-to-end security should make some sense,
> even today.
I think a layman expects end-to-end security. As a more informed user,
I also expect end-to-end security.

What befuddles me is some folks don't expect it (or perhaps don't want
it?). I am amazed at how the industry has conditioned them.

Jeff



More information about the cryptography mailing list