On 05.02.26 15:11, Yaron Sheffer wrote:
Your 3 steps are about one server, but the attack we are addressing has a malicious M pretending to be the server in Step 3. And to your point: the discussion is similar to post-compromise security: we assume that most of the time, there is no MITM between the client and the server, and we want to protect subsequent connections between these two peers. You are right that there is no protection if the MITM persists between the client and server.
Thanks Yaron. Will appreciate a clear threat model in the next version. -Usama
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
