cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1995-09-25 - Re: SSL Man-in-the-middle

Header Data

From: jsw@neon.netscape.com (Jeff Weinstein)
To: cypherpunks@toad.com
Message Hash: 5483fab1c97cd84229914fd239763b26dd046105ec51efc851bd6c5a3cac9ec0
Message ID: <447bes$7ai@tera.mcom.com>
Reply To: <199509251247.IAA27297@gatekeeper.itribe.net>
UTC Datetime: 1995-09-25 22:46:44 UTC
Raw Date: Mon, 25 Sep 95 15:46:44 PDT

Raw message

From: jsw@neon.netscape.com (Jeff Weinstein)
Date: Mon, 25 Sep 95 15:46:44 PDT
To: cypherpunks@toad.com
Subject: Re: SSL Man-in-the-middle
In-Reply-To: <199509251247.IAA27297@gatekeeper.itribe.net>
Message-ID: <447bes$7ai@tera.mcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <Pine.SOL.3.91.950925124443.359B-100000@chivalry>, ses@tipper.oit.unc.edu (Simon Spero) writes:
> Exactly - the trust model used in Navigator 1.1N requires you to trust 
> every single owner of a valid certificate. Getting hold of any key is 
> vastly easier than having to obtain a specific key; in the worst case, 
> you just buy your own - SSL exchanges are repudiable, and a few simple 
> tricks can make sure you cerificiate doesn't show up in the "Document 
> Information" dialog box.

  Can you explain to me how you would get the Navigator to accept your
certificate, but not display anything in the "Document Information"
dialog?

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

Thread