[Dshield] 0wnlng Windows machines

Darren Spruell phatbuckett at gmail.com
Mon Feb 26 21:48:51 GMT 2007


On 2/26/07, Tony Earnshaw <tonni at hetnet.nl> wrote:
> Forgive me, I've read about Bob and Alice too; the only significance of
> the CA certificate that we issue (and that is what is the springing
> point of this thread) is to state who issues it and if that instance can
> be trusted.
>
> It has (and neither has the data transmission) nothing to do with the
> encryption involved or its decryption, we are dealing with asymmetric
> encryption, in which anyone ("man in the middle") not in cognizance of
> the private key can go and hmmm ... fiddle hmmm ... with himself.

That's fine, except you're confusing someone passively monitoring the
encrypted session with someone performing a MITM attack against your
client/server.

DS
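
The distinction drawn in the reply above, as an added example that is not part of either poster's message: a toy Diffie-Hellman exchange in Python in which a passive observer gains nothing, while an active man in the middle who swaps the server's public key ends up sharing the client's session key unless the client checks the CA's signature over that key. All names, parameters and the textbook-RSA "CA" are constructed for illustration and are far too weak for real use.

```python
import hashlib
import secrets

# Toy parameters, constructed for this example; far too small for real use.
P, G = 2**127 - 1, 3                             # Diffie-Hellman group (Mersenne prime)
CA_N = (2**61 - 1) * (2**89 - 1)                 # textbook-RSA modulus of the "CA"
CA_E = 65537                                     # CA public exponent
CA_D = pow(CA_E, -1, (2**61 - 2) * (2**89 - 2))  # CA private exponent


def _digest(pub):
    h = hashlib.sha256(str(pub).encode()).digest()
    return int.from_bytes(h, "big") % CA_N


def ca_sign(pub):
    """The CA vouches for a public key (requires the CA private key)."""
    return pow(_digest(pub), CA_D, CA_N)


def ca_verify(pub, sig):
    """Anyone holding the CA certificate (CA_N, CA_E) can check the signature."""
    return pow(sig, CA_E, CA_N) == _digest(pub)


def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def handshake(active_mitm, verify_cert):
    """Return (client decision, whether the attacker holds the client's session key)."""
    _, srv_pub = keypair()
    cert_sig = ca_sign(srv_pub)
    cli_priv, cli_pub = keypair()
    atk_priv, atk_pub = keypair()
    # A passive observer only reads cli_pub and srv_pub off the wire. An active
    # one replaces srv_pub with its own key but cannot produce a CA signature for it.
    seen_pub = atk_pub if active_mitm else srv_pub
    if verify_cert and not ca_verify(seen_pub, cert_sig):
        return "rejected", False
    client_key = pow(seen_pub, cli_priv, P)
    attacker_key = pow(cli_pub, atk_priv, P)     # all the attacker can derive
    return "accepted", attacker_key == client_key


if __name__ == "__main__":
    for mitm in (False, True):
        for verify in (False, True):
            print(f"active_mitm={mitm} verify_cert={verify}:", handshake(mitm, verify))
```

Only the combination of an active attacker and a client that skips the signature check leaves the attacker with the session key; the asymmetric key exchange alone protects against the passive case but not the active one.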

