[Dshield] 0wnlng Windows machines
phatbuckett at gmail.com
Mon Feb 26 21:48:51 GMT 2007
On 2/26/07, Tony Earnshaw <tonni at hetnet.nl> wrote:
> Forgive me, I've read about Bob and Alice too; the only significance of
> the CA certificate that we issue (and that is what is the springing
> point of this thread) is to state who issues it and if that instance can
> be trusted.
> It has (and neither has the data transmission) nothing to do with the
> encryption involved or its decryption, we are dealing with asymmetric
> encryption, in which anyone ("man in the middle") not in cognizance of
> the private key can go and hmmm ... fiddle hmmm ... with himself.
That's fine, except you're confusing someone passively monitoring the
encrypted session with someone performing a MITM attack against your
More information about the list