Full Disclosure mailing list archives
Re: FD / lists.grok.org - bad SSL cert
From: Valdis.Kletnieks () vt edu
Date: Mon, 05 Jan 2009 14:46:42 -0500
On Mon, 05 Jan 2009 11:25:58 PST, Tim said:
Uh, no, actually CAs provide some weak assurance that the certificate is the real one and associated with that server. A self-signed one provides none. If you can't, in some way, authenticate the certificate then SSL is not any better than sending data plain text.
It's *slightly* better, in that it guards against passive sniffing attacks on the data in transit. You're right that it doesn't guard against an active MITM attack.
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- FD / lists.grok.org - bad SSL cert Gary Wilson (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Avraham Schneider (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Michael Krymson (Jan 07)
- Re: FD / lists.grok.org - bad SSL cert Anders B Jansson (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Rob Thompson (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Noel Butler (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Adrenalin (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert chort (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Rob Thompson (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Avraham Schneider (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Tim (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Valdis . Kletnieks (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Tim (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Valdis . Kletnieks (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Tim (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Valdis . Kletnieks (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Tim (Jan 05)
- The merits and uses of CAs Christopher Pritchard (Jan 05)
- Re: The merits and uses of CAs Valdis . Kletnieks (Jan 05)