[8090] in cryptography@c2.net mail archive
Re: Public Key Infrastructure: An Artifact...
daemon@ATHENA.MIT.EDU (Ben Laurie)
Sat Nov 18 17:28:23 2000
Message-ID: <3A16FE32.E78182F2@algroup.co.uk>
Date: Sat, 18 Nov 2000 22:09:54 +0000
From: Ben Laurie <ben@algroup.co.uk>
MIME-Version: 1.0
To: Bram Cohen <bram@gawth.com>
Cc: Lynn.Wheeler@firstdata.com, cryptography@c2.net, cypherpunks@cyberpass.net,
dbs@philodox.com, dcsb@ai.mit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Bram Cohen wrote:
>
> On Sat, 18 Nov 2000, Ben Laurie wrote:
>
> > Bram Cohen wrote:
> > >
> > > Unless that problem is fixed, man in the middle is hardly made more
> > > difficult - for example, Mallory could break into some random machine on
> > > the net and steal its public key, then hijack local DNS and when someone
> > > goes to amazon.com redirect them to amazon.hackeddomain.com, and then
> > > proxy to amazon.com - now even SSL says the connection is safe.
> >
> > Yes, and Mallory can't read the data - so what was the point?
>
> Yes he can - he's presenting the key for hackeddomain.com, which he stole,
> so he's quite capable of reading requests sent for it.

Apologies, yes, you are correct, I misunderstood. But isn't this what
Lynn was suggesting in the first place?

Cheers,

Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff