Katie Lucas wrote:
On Thu, Feb 02, 2006 at 05:09:42PM +0100, Alain Damiral wrote:
But with no cryptographic digest you have no guarantee that the data you
receive provides from the person who showed his certificate. I think it
would be vulnerable to a man in the middle type of attack.
Only if they can spoof the IP streams...
Why would anyone assume that they can't ? An attacker might even have
other means of messing around with IP adresses that would allow him to
achieve man in the middle without spoofing.
--
Alain Damiral
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
