On 10 September 2013 22:04, Joe Abley <jab...@hopcount.ca> wrote:

> Suppose Mallory has access to the private keys of CAs which are in "the"
> browser list or otherwise widely-trusted.
>
> An on-path attack between Alice and Bob would allow Mallory to terminate
> Alice's TLS connection, presenting an opportunistically-generated
> server-side certificate with signatures that allow it to be trusted by
> Alice without pop-ups and warnings. Instantiating a corresponding session
> with Bob and ALGing the plaintext through with interception is then
> straightforward.
>
CT makes this impossible to do undetected, of course.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
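The point of the reply above is that Certificate Transparency turns a "trusted but unlogged" certificate into something a client can refuse and a monitor can notice: a CT-enforcing client demands proof of logging (signed certificate timestamps, SCTs), and once a certificate is logged, the domain owner's monitor sees it. The following Go program is an added example and is not code from the thread or from any CT project; it shows the two checks such a client performs on a server certificate, chain validation against a trusted root and presence of the RFC 6962 embedded SCT extension. It assumes a throwaway CA and a leaf for the constructed host name "example.test", both generated in memory, and it uses an empty placeholder SCT list rather than verifying real SCT signatures against log keys.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// OID of the embedded SCT list extension (RFC 6962, section 3.3).
var oidEmbeddedSCTs = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2}

// HasEmbeddedSCTs reports whether the leaf carries the RFC 6962 SCT list
// extension, i.e. the issuing CA's evidence that the precertificate was
// submitted to public CT logs before issuance.
func HasEmbeddedSCTs(cert *x509.Certificate) bool {
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oidEmbeddedSCTs) {
			return true
		}
	}
	return false
}

// CheckServerCert asks the two questions a CT-enforcing client asks of a
// server certificate: does it chain to a trusted root for this host, and
// does it carry evidence of logging? Passing the first test but failing the
// second is the "trusted but unlogged" case a CT-enforcing client rejects.
func CheckServerCert(leafDER []byte, roots *x509.CertPool, host string) (chainOK, logged bool, err error) {
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return false, false, err
	}
	_, verr := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return verr == nil, HasEmbeddedSCTs(leaf), nil
}

// MakeTestPKI builds a throwaway CA and a leaf for "example.test" (both
// constructed in memory for this example), optionally adding a placeholder
// SCT extension. It returns the trust pool and the leaf's DER encoding.
func MakeTestPKI(withSCT bool) (*x509.CertPool, []byte, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Test Root"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "example.test"},
		DNSNames:     []string{"example.test"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if withSCT {
		// Placeholder: an OCTET STRING holding an empty SCT list. A real client
		// parses the list and verifies each SCT against the keys of logs it trusts.
		val, _ := asn1.Marshal([]byte{0x00, 0x00})
		leafTmpl.ExtraExtensions = []pkix.Extension{{Id: oidEmbeddedSCTs, Value: val}}
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return roots, leafDER, nil
}

func main() {
	for _, withSCT := range []bool{true, false} {
		roots, leafDER, err := MakeTestPKI(withSCT)
		if err != nil {
			panic(err)
		}
		chainOK, logged, err := CheckServerCert(leafDER, roots, "example.test")
		fmt.Printf("withSCT=%v chainOK=%v logged=%v err=%v\n", withSCT, chainOK, logged, err)
	}
}
```

Both leaves chain cleanly to the root, which is exactly what a compromised CA key buys Mallory; only the `logged` flag separates them. Presence of the extension is the cheap first gate, and a deployed client goes on to verify each SCT's signature against the log keys it trusts and to require SCTs from enough distinct logs.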