On 2014-07-31 01:29, Ondrej Mikle wrote:
> I should probably add that a MitM attacker like an ISP can generally tamper with
> certificate chains sent in TLS handshake anyway, but AIA fetching would allow an
> adversary more hops away on a different continent to tamper with the connection.

How would an ISP tamper with the certificates sent in TLS without TLS giving an error that the packets were tampered with?

I understand that it's possible with SSL 3.0 but not with TLS 1.0.


Kurt

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
