|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Bram Cohen (bram
gawth.com)Date: Fri Feb 23 2001 - 20:50:49 CST
On Fri, 23 Feb 2001, Eric Rescorla wrote:
> SSL ISN'T broken against MITM, as has been pointed out on this list
> before. It's certainly not any more broken than any other
> certificate-based system.
>
> The problem, as with all identity-based access control systems, is that
> you have to be very careful about comparing people's identities with
> what you expect.
And urls do not do a good job of conveying identity, hence SSL's MITM is
broken.
-Bram Cohen
"Markets can remain irrational longer than you can remain solvent"
-- John Maynard Keynes
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]