> A DNS based man in the middle attack will not work against a SSL > enabled webserver. This is because SSL certificates certify an > association between a specific domain name and an ip address. An > attempted man in the middle attack against a SSL enabled Firefox > update server will result in the browser rejecting the connection to > the masquerading update server, as the ip address in the SSL > certificate, and the ip address returned by the DNS server will not > match.
False. SSL certificates do not authenticate DNS/IP associations. They authenticate public key/DNS associations. The difference is likely irrelevant to this issue, but be sure you understand SSL's PKI when you explain such things, lest you confuse crypto noobs. tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
