bucky at speakeasy.org
Fri Jun 4 15:08:00 GMT 2004
Since the list is so slow right now, I'll take this opportunity to ask a
question: Has anyone ever heard of somebody successfully eavesdropping on a
validly established HTTPS connection?
Some term definition: by "successful", I mean snooped encrypted traffic,
decrypted it, and learned something they didn't already know. "Valid" means
there was nothing funny going on with the setup of the secure connection. I
know about MIM attacks, and I know you can trick people into going to "secure"
sites that aren't what they think they are, but I'm not interested in those
-bucky at speakeasy.org
More information about the list