[144301] in cryptography@c2.net mail archive
Re: Security through kittens, was Solving password problems
daemon@ATHENA.MIT.EDU (Ray Dillinger)
Wed Feb 25 13:16:44 2009
From: Ray Dillinger <bear@sonic.net>
To: John Levine <johnl@iecc.com>
Cc: cryptography@metzdowd.com, vwelch@illinois.edu
In-Reply-To: <20090225145339.91976.qmail@simone.iecc.com>
Date: Wed, 25 Feb 2009 10:04:40 -0800
On Wed, 2009-02-25 at 14:53 +0000, John Levine wrote:
> You're right, but it's not obvious to me how a site can tell an evil
> MITM proxy from a benign shared web cache. The sequence of page
> accesses would be pretty similar.
There is no such thing as a "benign" web cache for secure pages.
If you detect something doing caching of secure pages, you need
to shut them off just as much as you need to shut off any other
MITM.
Bear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
