
RE: [Asrg] PKI and Filters

2003-03-08 19:04:28
I just wrote:

]                        Perhaps you assumed no one around here
] knows about DH or other means to get session confidentiality.

To forestall quibbles, yes, a simple DH exchange with random keys won't
exclude men in the middle.  To exclude a man in the middle, you need
something like certs.  However, I've never heard of any man-in-the-middle
attacks on "internet commerce" sessions that certs would have
prevented.  There have been plenty of man-in-the-middle attacks on
credit card numbers, but they've been outside the parts of the path
protected by public keys or within the end systems.  Two recent examples
are described in http://catless.ncl.ac.uk/Risks/22.61.html#subj9 and
http://catless.ncl.ac.uk/Risks/22.61.html#subj10

See also http://www.securitymanagement.com/library/000836.html
http://www.counterpane.com/pki-risks-ft.txt
http://www.securityfocus.com/columnists/60
http://www.csl.sri.com/users/neumann/insiderisks.html#132
and http://www.microsoft.com/technet/security/bulletin/ms01-017.asp


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
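As an added illustration of the point made above (this is not code from the original post or from anyone in the thread), the toy model below runs an unauthenticated Diffie-Hellman exchange with a third party relaying and replacing the values, and then the same exchange with each ephemeral value signed under a long-term key whose public half the other side already trusts, which is the job a cert does. Everything here is constructed: the group is a freshly generated 128-bit safe prime (far too small for real use), the signature is a Schnorr-style scheme over that group, the `trust_store` dict stands in for a certificate chain, and the names `alice`, `bob`, `run_exchange` and so on are mine.

```python
"""Toy model: unauthenticated DH does not exclude a relay in the middle;
signing the ephemeral value under a trusted long-term key makes the
substitution detectable. Constructed example with toy-sized parameters."""
import hashlib
import random

RNG = random.Random(20030308)  # fixed seed so the toy run is reproducible


def is_probable_prime(n, rounds=20):
    """Miller-Rabin with random bases; adequate for a toy group."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=128):
    """Safe prime p = 2q+1 and a generator g of the order-q subgroup (toy size)."""
    while True:
        q = RNG.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            return p, q, pow(2, 2, p)  # a square, so its order is q


def hash_to_int(*parts):
    h = hashlib.sha256()
    for part in parts:
        h.update(str(part).encode() + b"|")
    return int.from_bytes(h.digest(), "big")


def keygen(p, q, g):
    x = RNG.randrange(1, q)
    return x, pow(g, x, p)


def sign(p, q, g, x, message):
    """Schnorr-style signature (e, s) under long-term private key x."""
    k = RNG.randrange(1, q)
    e = hash_to_int(pow(g, k, p), message) % q
    return e, (k + x * e) % q


def verify(p, q, g, y, message, sig):
    e, s = sig
    r = (pow(g, s, p) * pow(y, (q - e) % q, p)) % p  # recover g^k
    return hash_to_int(r, message) % q == e


def make_message(p, q, g, name, x_long, eph_pub, authenticated):
    sig = sign(p, q, g, x_long, f"{name}:{eph_pub}") if authenticated else None
    return {"from": name, "eph": eph_pub, "sig": sig}


def accept(p, q, g, trust_store, msg, authenticated):
    """Receiver side: with a trusted long-term key, refuse a mis-signed value."""
    if not authenticated:
        return msg["eph"]
    y = trust_store[msg["from"]]  # the "cert" for the claimed sender
    ok = msg["sig"] is not None and verify(p, q, g, y, f"{msg['from']}:{msg['eph']}", msg["sig"])
    return msg["eph"] if ok else None


def run_exchange(p, q, g, authenticated, with_relay):
    """Return the key each side derives (None = rejected) and, if a relay is
    present, the keys the relay shares with each side."""
    xa, ya = keygen(p, q, g)
    xb, yb = keygen(p, q, g)
    trust_store = {"alice": ya, "bob": yb}
    a, b = RNG.randrange(1, q), RNG.randrange(1, q)
    A, B = pow(g, a, p), pow(g, b, p)
    msg_a = make_message(p, q, g, "alice", xa, A, authenticated)
    msg_b = make_message(p, q, g, "bob", xb, B, authenticated)
    result = {}
    if with_relay:
        m = RNG.randrange(1, q)
        M = pow(g, m, p)
        # The relay swaps in its own DH value but holds neither long-term key,
        # so any signature it forwards no longer matches what it delivers.
        msg_a, msg_b = dict(msg_a, eph=M), dict(msg_b, eph=M)
        result["relay_with_alice"] = pow(A, m, p)
        result["relay_with_bob"] = pow(B, m, p)
    seen_by_bob = accept(p, q, g, trust_store, msg_a, authenticated)
    seen_by_alice = accept(p, q, g, trust_store, msg_b, authenticated)
    result["alice_key"] = None if seen_by_alice is None else pow(seen_by_alice, a, p)
    result["bob_key"] = None if seen_by_bob is None else pow(seen_by_bob, b, p)
    return result
```

Without signatures, both ends finish with a key they share with the relay rather than with each other, and nothing in the exchange tells them so; with the signatures, both ends reject the substituted value. The model says nothing about the attacks the post actually cites, which sit outside the signed part of the path or inside the end systems, where no amount of key-exchange authentication helps.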
