>This means a site paying attention to such things could notice a
>change in IP address, or, if several users were attacked this way,
>notice repeated connections from the same IP. (Granted the MITM
>could distribute the queries over a botnet, but it raises the bar
>I have no idea if sites do such check, just speculation on my part.

You're right, but it's not obvious to me how a site can tell an evil
MITM proxy from a benign shared web cache.  The sequence of page
accesses would be pretty similar. I suppose that you could hope that
legitimate HTTPS requests would come direct from the client machine,
so requests for multiple users on the same IP would be suspicious, but
on networks like AOL's, I wouldn't count on it working that way.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to