* Matt McCutchen:

> To test a server, simply view its certificate, choose a DNS name for
> which the certificate is valid but for which the server is not listed in
> DNS, and map that name to the server in your hosts file.

So you need a certificate to make this work. This is out of scope of what TLS protects against. If you've got a breach on the X.509 side of things, TLS won't help you (if you rely on X.509 certificates).

> An HTTP redirect to a non-TLS site is bad: if it happens on a request
> for a JavaScript file, the attacker can now inject malicious code.

I agree that this can be a problem, but it is not a protocol issue. It's a server-side misconfiguration, combined with a certificate that was inappropriately acquired or shared.

-- 
Florian Weimer <[email protected]>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
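An added example, not from either poster, that turns the two misconfigurations discussed in this exchange into an offline audit: it reports certificate names that DNS does not tie to the server (the name a hosts-file mapping would abuse) and HTTPS requests, scripts in particular, that a redirect sends to plain HTTP. The SAN list, DNS answers and captured responses are constructed sample data.

```python
"""Offline audit for the two conditions in the thread (added example):
1. subjectAltName entries the server is not published under in DNS;
2. HTTPS requests answered with a redirect to http://.
All inputs are constructed; a real run would take the dNSName entries of
the deployed certificate, DNS answers for each, and crawler responses.
"""
from urllib.parse import urlsplit

# Constructed sample data, not taken from any real deployment.
SAN_NAMES = ["www.example.test", "old.example.test", "*.example.test"]
DNS_ANSWERS = {"www.example.test": {"192.0.2.10"}, "old.example.test": set()}
SERVER_IPS = {"192.0.2.10"}
RESPONSES = [
    ("https://www.example.test/", 200, None),
    ("https://www.example.test/static/app.js", 302, "http://cdn.example.test/app.js"),
    ("https://www.example.test/login", 301, "https://www.example.test/login/"),
]


def unpublished_names(san_names, dns_answers, server_ips):
    """Return (name, reason) for each SAN entry DNS does not tie to this server.
    Wildcards are reported as such: they cover names DNS cannot be asked about."""
    findings = []
    for name in san_names:
        if name.startswith("*."):
            findings.append((name, "wildcard: covers names not listed in DNS"))
        elif not dns_answers.get(name):
            findings.append((name, "no DNS record"))
        elif not dns_answers[name] & set(server_ips):
            findings.append((name, "resolves elsewhere"))
    return findings


def insecure_redirects(responses):
    """Return (request_url, location, kind) for HTTPS requests redirected to http://."""
    flagged = []
    for url, status, location in responses:
        if urlsplit(url).scheme != "https" or not 300 <= status < 400 or not location:
            continue
        if urlsplit(location).scheme == "http":
            kind = "script" if urlsplit(url).path.endswith(".js") else "page"
            flagged.append((url, location, kind))
    return flagged


if __name__ == "__main__":
    for finding in unpublished_names(SAN_NAMES, DNS_ANSWERS, SERVER_IPS):
        print("cert name not published:", *finding)
    for finding in insecure_redirects(RESPONSES):
        print("TLS dropped by redirect:", *finding)
```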
