nanog mailing list archives
Re: What *are* they smoking?
From: "Steven M. Bellovin" <smb () research att com>
Date: Mon, 15 Sep 2003 21:25:29 -0400
It's bad enough now; it could be even worse. They could respond on
port 443, too, with a legitimate-seeming certificate -- they're
*Verisign*, the leading certficate authority.
In the security world, we call this a man- (or monkey-)in-the-middle
attack, for which the standard defense is crypto. But that doesn't
work well when your trusted third party is part of the threat model...
--Steve Bellovin, http://www.research.att.com/~smb
Current thread:
- What *are* they smoking? Niels Bakker (Sep 15)
- Re: What *are* they smoking? Tim Wilde (Sep 15)
- RE: What *are* they smoking? Jeroen Massar (Sep 15)
- RE: What *are* they smoking? ken emery (Sep 15)
- RE: What *are* they smoking? Jeff S Wheeler (Sep 15)
- Re: What *are* they smoking? Matthew S. Hallacy (Sep 15)
- RE: What *are* they smoking? Jeroen Massar (Sep 15)
- RE: What *are* they smoking? Adam 'Starblazer' Romberg (Sep 15)
- Re: What *are* they smoking? Alex Lambert (Sep 15)
- Re: What *are* they smoking? Steven M. Bellovin (Sep 15)
- Re: What *are* they smoking? Marc Slemko (Sep 15)
- RE: What *are* they smoking? John Ferriby (Sep 15)
- RE: What *are* they smoking? Jeroen Massar (Sep 15)
- Re: What *are* they smoking? Tim Wilde (Sep 15)
- RE: What *are* they smoking? Fred Baker (Sep 15)
- Re: What *are* they smoking? David B Harris (Sep 15)
- Re: What *are* they smoking? mike harrison (Sep 15)
- Re: What *are* they smoking? Chris Adams (Sep 15)
- Re: What *are* they smoking? Christopher X. Candreva (Sep 15)