On Sat, 6 Jul 2002, Richard Lynch wrote:
> I think we both agree that any old certificate is secure from snooping,
> right?

I would disagree with that.

In order to snoop on a connection, you need to have some access to the 
link.

This may be by being in the same building with one of the endpoints, or by 
being in the same building as one of the ISPs involved, or by having 
remotely compromised a machine in one of the above locations.

If you have this access, then you can divert packets. You can move wires
around, or you can outrace a router and take over a connection as it's 
being initiated.

Therefore you can present a certificate which is indistinguishable to the 
client from the "real" server's self-signed certificate, effectively 
hijacking the session.

> Yes, a C&A signed certificate is nominally "better" than a non-signed one,
> since you know that at some point, somebody paid somebody at least $119
> (US), and that the certificate has the same domain name as the domain name
> of the computer you are now surfing to.
> 
> You don't know it's the same computer, though, right?  It could easily be a
> stolen Cert and hijacked domain.
> 
> For that matter, you don't know that a CRIMINAL purchased the C&A signed
> Certificate in the first place.

No, but the chances of each of these other things happening are 
progressively less.

A certificate signed by a known certificate authority tells you that the 
server you're talking with has a unique token provided to the entity 
named. That's better than not knowing that. 

miguel
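
Added example, not part of the thread: a client that accepts self-signed certificates cannot distinguish the real server's certificate from an attacker's, as the post explains, so the one check available to it is to remember the certificate fingerprint seen on first contact and refuse the connection when it later changes (trust on first use, the approach SSH takes). The hostname and the "certificate" bytes below are constructed stand-ins, not real X.509 data.

```python
import hashlib
from enum import Enum


class PinResult(Enum):
    FIRST_SEEN = "first contact: fingerprint recorded, still unverified"
    MATCH = "fingerprint matches the one recorded earlier"
    MISMATCH = "fingerprint changed: possible hijacked session, refuse"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex.

    In a real client the bytes come from ssl.SSLSocket.getpeercert(binary_form=True).
    """
    return hashlib.sha256(der_cert).hexdigest()


def check_pin(store: dict, host: str, der_cert: bytes) -> PinResult:
    """Trust-on-first-use check for a host that uses a self-signed certificate.

    On first contact the fingerprint is recorded (nothing is proven yet).
    On later contacts any change is reported as a mismatch; the caller should
    close the connection rather than silently re-pin, because a changed
    certificate is exactly what a diverted session looks like.
    """
    fp = fingerprint(der_cert)
    known = store.get(host)
    if known is None:
        store[host] = fp
        return PinResult.FIRST_SEEN
    return PinResult.MATCH if known == fp else PinResult.MISMATCH


# Constructed stand-ins for DER certificates (not real X.509 data); the
# fingerprint check only needs the two byte strings to differ.
REAL_SERVER_CERT = b"constructed: self-signed cert for www.example.test"
ATTACKER_CERT = b"constructed: attacker's own self-signed cert, same name"


def demo() -> list:
    """Three connections to the same host: first visit, repeat, then hijack."""
    store = {}
    host = "www.example.test"
    return [
        check_pin(store, host, REAL_SERVER_CERT),  # first contact: recorded
        check_pin(store, host, REAL_SERVER_CERT),  # same cert again: match
        check_pin(store, host, ATTACKER_CERT),     # different cert: mismatch
    ]


if __name__ == "__main__":
    for result in demo():
        print(result.value)
```

The check protects only repeat visits; the first connection remains exactly as exposed as the post describes, which is the gap a CA-signed certificate closes.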


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php