Ian Grigg wrote:
> Julien Pierre wrote:
>> Duane wrote:
>>> Surely any form of encryption is better than in the clear?
>> Only if you are encrypting to the correct party, and not to a thief.
>> This is why we have CAs and trust.
> That's too big a jump. It's quite hard for a thief
> to jump in the middle and change things.

Not really. Without the authentication, any proxy, including the
so-called transparent proxies, could decrypt all traffic in both
directions without the end parties detecting it.
There are entire countries whose internet access all passes through
transparent proxies, so their governments can snoop. If they could
do MITM attacks, you can bet they would. They cannot do undetected
MITM on https, today, because of cert-based authentication.
I spent some time in one of them this past year. You can bet I
was particularly careful to ensure I had uncompromised software and
an uncompromised root CA list. It would take only one compromised
root CA for them to be able to do MITM attacks on all https traffic.
Oh, and cert-based secure AIM was my friend.
--
Nelson B