What happened with the session fixation bug?
James A. Donald
jamesd at echeque.com
Sat May 7 17:03:07 EDT 2005
--
PKI was designed to defeat man-in-the-middle attacks
based on network sniffing, or DNS hijacking, which
turned out to be less of a threat than expected.
However, the session fixation bugs
http://www.acros.si/papers/session_fixation.pdf make
HTTPS and PKI worthless against such man-in-the-middle
attacks. Have these bugs been addressed?
--digsig
James A. Donald
---------------------------------------------------------------------
The Cryptography Mailing List