Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: What *are* they smoking?

  • From: Steven M. Bellovin
  • Date: Mon Sep 15 21:36:55 2003 
It's bad enough now; it could be even worse.  They could respond on 
port 443, too, with a legitimate-seeming certificate -- they're 
*Verisign*, the leading certficate authority.

In the security world, we call this a man- (or monkey-)in-the-middle
attack, for which the standard defense is crypto.  But that doesn't 
work well when your trusted third party is part of the threat model...


		--Steve Bellovin, http://www.research.att.com/~smb


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.