[Gllug] IP address changes
Nix
nix at esperi.org.uk
Tue Nov 28 07:26:54 UTC 2006
On 28 Nov 2006, Pete Ryland uttered the following:
>> Reality, as has already been pointed out, is that mitm attacks are rare
>> and so it's not worth putting too much effort into preventing them.
>
> Hang on, isn't that what the whole SSL cert trust chain is about? The
> host is verified by the certificate authority (whose cert comes with
> the browser), so the user can tell if there is a man in the middle
> even if being proxied. Or have I missed something?
Proxied, yes: HTTP proxies change the protocol stream.

Transparent forwarding is quite different: HTTPS can't diagnose or
prevent that, or HTTPS would be unroutable (and quite useless).

One malicious router in the way (or something which from the POV of
your packets is a malicious router: it can spy on the packet flow
quite easily, including on the contents) and you're lost.
--
`The main high-level difference between Emacs and (say) UNIX, Windows,
or BeOS... is that Emacs boots quicker.' --- PdS