On Friday, June 17, 2016 at 3:17:28 PM UTC+3, Jakob Bohm wrote:
> The trick here is that the random value cannot be predicted by the
> MITM, yet the server can generate it trivially without knowing the
> dynamic page elements.  Also the HTML compatibility rules make the page
> show normally in browsers that don't look for the MITM detection data.

A MITM can always generate his own random tail, and the target user will never
find out.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy