ietf-asrg
[Top] [All Lists]

RE: [Asrg] New take on emerging idea. (Query/C-R system?)

2003-04-12 09:42:08
Without authenticators such as shared secrets or public keys, it is
obvious that SSL or TLS does nothing against a classic 
man-in-the-middle
attack.  

If you read the damn spec you will realise that it is obvious that
it supports that use. I fact I don't believe SSL supports any other
use whatsoever.

So your statement being vulnerable against a man in the middle 
attack would be pure unadulterated B/S. 

As is the rest of your message.


Go read Bruce Schnier's Secrets and Lies. It took a long time before
he understood that security was a matter of risk control rather than
risk elimination.

                Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg