oss-sec mailing list archives
Re: On sanctioned MITMs
From: Joe Malcolm <jmalcolm () uraeus com>
Date: Tue, 5 May 2015 00:55:52 +0000
mancha writes:
I agree achieving end-to-end (E2E) security with interposition is an interesting security research area. In fact, it would be great if as a result of this thread more members of the infosec and oss communities were motivated to tackle that.
I've been thinking for a while that in the non-HTTPS world, it would be useful to have some kind of content verification without encryption, through hashes in URLs or the like. But the logical conclusion from this thread is that it's also useful in the encrypted context as well, as not all endpoints may be equally trusted. Having said that, what you do if the content you get back isn't as expected isn't totally clear. Joe
Current thread:
- On sanctioned MITMs mancha (May 01)
- Re: On sanctioned MITMs Hanno Böck (May 01)
- Re: On sanctioned MITMs Kurt Seifried (May 01)
- Re: On sanctioned MITMs Dean Pierce (May 01)
- Re: On sanctioned MITMs mancha (May 01)
- Re: On sanctioned MITMs Lyndon Nerenberg (May 01)
- Re: On sanctioned MITMs mancha (May 02)
- Re: On sanctioned MITMs Lyndon Nerenberg (May 02)
- Re: On sanctioned MITMs Joe Malcolm (May 04)
- Re: On sanctioned MITMs Eddie Chapman (May 02)
- Re: On sanctioned MITMs mancha (May 01)