On Wed, 2009-02-25 at 14:53 +0000, John Levine wrote:
> You're right, but it's not obvious to me how a site can tell an evil
> MITM proxy from a benign shared web cache. The sequence of page
> accesses would be pretty similar.
There is no such thing as a "benign" web cache for secure pages.
If you detect something doing caching of secure pages, you need
to shut them off just as much as you need to shut off any other
MITM.
Bear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
