Re: Configuration Arguments... In House...

[Michael T. Babcock]

A valid point, but make sure everyone catches the MITM note: SSL is
vulnerable to MITM attacks (as described) in most E-commerce situations
because most E-commerce sites do not require authenticated (SSL-wise) users.

Bernd Eckenfels wrote:

> On Sat, Feb 03, 2001 at 10:25:24PM -0600, Benjamin Tomhave wrote:
> > SSL is only safe if the initial handshake is missed by the sniffer.
>
> No, SSL is safe against sniffing and against Man-in-the-middle. Of course
> for protection against MITM you need Certificates and trusted users. For
> protection against sniffing, replay, mac altering you just need to use a
> recent SSL or better TLS implementation and restrict your cipher suites.

--
Michael T. Babcock (PGP: 0xBE6C1895)
http://www.fibrespeed.net/~mbabcock/



-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]