|
Full Disclosure
mailing list archives
Re: FD / lists.grok.org - bad SSL cert
From: Valdis.Kletnieks () vt edu
Date: Mon, 05 Jan 2009 14:46:42 -0500
On Mon, 05 Jan 2009 11:25:58 PST, Tim said:
Uh, no, actually CAs provide some weak assurance that the certificate is
the real one and associated with that server. A self-signed one
provides none. If you can't, in some way, authenticate the certificate
then SSL is not any better than sending data plain text.
It's *slightly* better, in that it guards against passive sniffing attacks
on the data in transit. You're right that it doesn't guard against an
active MITM attack.
Attachment:
_bin
Description:
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
Re: FD / lists.grok.org - bad SSL cert James Matthews (Jan 05)
Re: FD / lists.grok.org - bad SSL cert Tim (Jan 05)
Re: FD / lists.grok.org - bad SSL cert chort (Jan 05)
Re: FD / lists.grok.org - bad SSL cert Volker Tanger (Jan 05)
(Thread continues...)
| 
