1995-09-25 - Re: SSL Man-in-the-middle

Header Data

From: Jeff Barber <jeffb@sware.com>
To: ses@tipper.oit.unc.edu (Simon Spero)
Message Hash: 594bf1455bd95133212ee78bf6497f3a5dd2df3d11cfbf7f469add6ab7a01612
Message ID: <9509252112.AA29743@wombat.sware.com>
Reply To: <Pine.SOL.3.91.950925124443.359B-100000@chivalry>
UTC Datetime: 1995-09-25 21:13:36 UTC
Raw Date: Mon, 25 Sep 95 14:13:36 PDT

Raw message

From: Jeff Barber <jeffb@sware.com>
Date: Mon, 25 Sep 95 14:13:36 PDT
To: ses@tipper.oit.unc.edu (Simon Spero)
Subject: Re: SSL Man-in-the-middle
In-Reply-To: <Pine.SOL.3.91.950925124443.359B-100000@chivalry>
Message-ID: <9509252112.AA29743@wombat.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero writes:

> Exactly - the trust model used in Navigator 1.1N requires you to trust 
> every single owner of a valid certificate. Getting hold of any key is 
> vastly easier than having to obtain a specific key; in the worst case, 
> you just buy your own - SSL exchanges are repudiable, and a few simple 
> tricks can make sure your certificate doesn't show up in the "Document 
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Information" dialog box.

I'd appreciate some documentation for this, please.  How can you make
this happen?


-- Jeff



