On Sun, Feb 04, 2001 at 08:33:37AM -0500, Michael T. Babcock wrote:
> A valid point, but make sure everyone catches the MITM note: SSL is
> vulnerable to MITM attacks (as described) in most E-commerce situations
> because most E-commerce sites do not require authenticated (SSL-wise) users.

It is enough to have one side authenticated. Normally you do it by checking
the server's hostname against the certificate's CN.

The problem is only that people are too quick to ignore warnings from the
browser if the certificate fails to verify, and that it is too easy to add new
well-known certificates to MSIE.

Greetings
Bernd
-- 
  (OO)      -- [EMAIL PROTECTED] --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
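
The hostname check described in the reply above, as an added example that is not part of the original message. It assumes a certificate dict in the shape Python's ssl.SSLSocket.getpeercert() returns; the function names are hypothetical, and it goes beyond the CN-only check in the post by preferring subjectAltName DNS entries when present and by handling wildcards.

```python
# Added example: match the requested hostname against a certificate's names.
# Input is a dict shaped like the result of ssl.SSLSocket.getpeercert().

def _dns_names(cert):
    """Return the names to check: SAN dNSName entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # assumption: when SAN is present, the CN is ignored
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def _label_match(pattern, hostname):
    """Compare one certificate name with the hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one leftmost label, and only when at
        # least two further labels follow, so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards such as "w*.example.com" are rejected outright.
    return "*" not in pattern and p == h

def hostname_matches(cert, hostname):
    """True if the hostname the user asked for is named in the certificate."""
    return any(_label_match(name, hostname) for name in _dns_names(cert))

# Constructed sample certificates (not taken from any real site).
CN_ONLY = {"subject": ((("commonName", "shop.example.com"),),)}
WITH_SAN = {
    "subject": ((("commonName", "legacy.example.net"),),),
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
}

if __name__ == "__main__":
    for cert, host in [(CN_ONLY, "shop.example.com"),
                       (CN_ONLY, "shop.example.com.evil.test"),
                       (WITH_SAN, "www.example.com"),
                       (WITH_SAN, "a.b.example.com")]:
        print(host, hostname_matches(cert, host))
```

The comparison only means something after the certificate chain itself has verified against a trusted root, which is the step the browser warnings mentioned above report on.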