From: Jeff Barber <jeffb@sware.com>
To: ses@tipper.oit.unc.edu (Simon Spero)
Message Hash: 594bf1455bd95133212ee78bf6497f3a5dd2df3d11cfbf7f469add6ab7a01612
Message ID: <9509252112.AA29743@wombat.sware.com>
Reply To: <Pine.SOL.3.91.950925124443.359B-100000@chivalry>
UTC Datetime: 1995-09-25 21:13:36 UTC
Raw Date: Mon, 25 Sep 95 14:13:36 PDT
From: Jeff Barber <jeffb@sware.com>
Date: Mon, 25 Sep 95 14:13:36 PDT
To: ses@tipper.oit.unc.edu (Simon Spero)
Subject: Re: SSL Man-in-the-middle
In-Reply-To: <Pine.SOL.3.91.950925124443.359B-100000@chivalry>
Message-ID: <9509252112.AA29743@wombat.sware.com>
MIME-Version: 1.0
Content-Type: text/plain
Simon Spero writes:
> Exactly - the trust model used in Navigator 1.1N requires you to trust
> every single owner of a valid certificate. Getting hold of any key is
> vastly easier than having to obtain a specific key; in the worst case,
> you just buy your own - SSL exchanges are repudiable, and a few simple
> tricks can make sure you cerificiate doesn't show up in the "Document
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Information" dialog box.
I'd appreciate some documentation for this, please. How can you make
this happen?
-- Jeff
Return to September 1995
Return to “Simon Spero <ses@tipper.oit.unc.edu>”