On 10 April 2014 14:42, Dan York <[email protected]> wrote:

> Now, the path to exploit this on the client side might be more difficult
> because:
> 1. The attacker would have to get the client to visit the malicious site
> (i.e. via phishing or shared links on social media); or
> 2. The attacker would have to do a MiTM or modify code on an existing
> legitimate site; and
>

Note that the attack works after the serverhello, but before the cert is transmitted so there's no MITM protection for clients against the attack.

Rich.

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
