[17227] in cryptography@c2.net mail archive


What happened with the session fixation bug?

daemon@ATHENA.MIT.EDU (James A. Donald)
Fri May 20 15:26:56 2005

X-Original-To: cryptography@metzdowd.com
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com, cypherpunks@lne.com
Date: Sat, 07 May 2005 14:03:07 -0700

    --
PKI was designed to defeat man in the middle attacks
based on network sniffing, or DNS hijacking, which
turned out to be less of a threat than expected.

However, the session fixation bugs
http://www.acros.si/papers/session_fixation.pdf make
https and PKI worthless against such man in the middle
attacks.  Have these bugs been addressed?

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     vPV62zjEtpTJHTV5lKXu2Sw+/5fke2gh9AwPeqQj
     4oqqXlvYYKn9rR63ZsSEEjgV5fVyWT9+e6YttP3G/


---------------------------------------------------------------------
The Cryptography Mailing List