Mary and Mallory may not be the same control. Mary has a site with a cert with AIA. Mallory can take control over that location for the AIA, without Mary being able to do a thing to stop it.
-Kyle H On Thu, Sep 18, 2008 at 2:02 PM, Eddy Nigg <[EMAIL PROTECTED]> wrote: > On 09/18/2008 11:50 PM, Kyle Hamilton: > >> Client Alice connects to server Mary. Mary sends a certificate with >> an AIA, no chain. > > Cute :-) > >> Mary happens to be a honeypot. >> >> Alice looks up AIA, makes connection to Mallory to retrieve the certificate. >> >> Mallory is looking for people who are looking at Mary. >> >> Mallory knows, beyond a shadow of a doubt, that Alice is looking at Mary. >> > > Since Mary and Mallory are under the same control it doesn't matter. > Whoever controls Mary knows that Alice is looking at Mary anyway...Even > in the scenario of Mary being compromised doesn't matter anymore... > > -- > Regards > > Signer: Eddy Nigg, StartCom Ltd. > Jabber: [EMAIL PROTECTED] > Blog: https://blog.startcom.org > _______________________________________________ > dev-tech-crypto mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-tech-crypto > _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
