oss-sec mailing list archives

Re: On sanctioned MITMs


From: Joe Malcolm <jmalcolm () uraeus com>
Date: Tue, 5 May 2015 00:55:52 +0000

mancha writes:
> I agree achieving end-to-end (E2E) security with interposition is an
> interesting security research area. In fact, it would be great if as a
> result of this thread more members of the infosec and oss communities
> were motivated to tackle that.

I've been thinking for a while that in the non-HTTPS world, it would
be useful to have some kind of content verification without
encryption, through hashes in URLs or the like. But the logical
conclusion from this thread is that it's also useful in the encrypted
context as well, as not all endpoints may be equally trusted.

Having said that, what you do if the content you get back isn't as
expected isn't totally clear.

Joe
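
The "hashes in URLs" idea above, sketched as an added example that is not part of the original message: the client checks fetched bytes against a digest carried in the URL fragment and rejects them on mismatch. The `#sha256=<hex>` fragment convention, the fail-closed policy and all names here are assumptions made for the illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

class IntegrityError(Exception):
    """Fetched bytes do not match the digest pinned in the URL."""

def pinned_digest(url):
    """Return (algorithm, hex digest) from a '#sha256=<hex>' fragment, or None.

    The fragment convention is hypothetical; a fragment stays on the client,
    so the digest is not sent to the server or to an intermediary.
    """
    algo, sep, value = urlsplit(url).fragment.partition("=")
    if not sep:
        return None
    if algo not in ("sha256", "sha512"):
        raise ValueError(f"unsupported digest algorithm: {algo!r}")
    value = value.lower()
    want_len = hashlib.new(algo).digest_size * 2
    if len(value) != want_len or any(c not in "0123456789abcdef" for c in value):
        raise ValueError("malformed digest")
    return algo, value

def verify(url, body, require_pin=True):
    """Return body only if it matches the pinned digest (assumed policy: fail closed)."""
    pin = pinned_digest(url)
    if pin is None:
        if require_pin:
            raise IntegrityError("URL carries no digest")
        return body
    algo, expected = pin
    actual = hashlib.new(algo, body).hexdigest()
    # Constant-time comparison of the two hex strings.
    if not hmac.compare_digest(actual, expected):
        raise IntegrityError(f"{algo} mismatch: expected {expected}, got {actual}")
    return body

# Constructed sample: the publisher's bytes and a copy altered in transit.
ORIGINAL = b"release notes v1\n"
TAMPERED = b"release notes v1 (modified by an intermediary)\n"
URL = "http://example.test/notes.txt#sha256=" + hashlib.sha256(ORIGINAL).hexdigest()

if __name__ == "__main__":
    print(len(verify(URL, ORIGINAL)), "bytes verified")
    try:
        verify(URL, TAMPERED)
    except IntegrityError as exc:
        print("rejected:", exc)
```

The check only helps when the URL itself reaches the client over a path the intermediary cannot rewrite.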

