[145037] in cryptography@c2.net mail archive
Re: TLS man in the middle
daemon@ATHENA.MIT.EDU (Sandy Harris)
Sun Nov 8 13:05:56 2009
In-Reply-To: <5c8fcb9c0911060322s6dd60f0el85488839ef5b58d4@mail.gmail.com>
Date: Sat, 7 Nov 2009 09:13:12 +0800
From: Sandy Harris <sandyinchina@gmail.com>
To: Cryptography <cryptography@metzdowd.com>
On 11/6/09, mheyman@gmail.com <mheyman@gmail.com> wrote:
> >From <http://www.ietf.org/mail-archive/web/tls/current/msg03928.html>
> and <http://extendedsubset.com/?p=8>
>
> >From what I gather, when TLS client certificates are used, an attacker
> can post a command to a victim server and have it authenticated by a
> legitimate client.
I'm in China and use SSL/TLS for quite a few things. Proxy connections,
Gmail set to "always use https" and so on. This is the main defense for
me and many others against the Great Firewall.
Should I be worrying about man-in-the-middle attacks from the Great
Firewall servers?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
