What happened with the session fixation bug?

James A. Donald jamesd at echeque.com
Sat May 7 17:03:07 EDT 2005


    --
PKI was designed to defeat man in the middle attacks
based on network sniffing, or DNS hijacking, which
turned out to be less of a threat than expected.

However, the session fixation bugs
http://www.acros.si/papers/session_fixation.pdf make
https and PKI worthless against such man in the middle
attacks.  Have these bugs been addressed?

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     vPV62zjEtpTJHTV5lKXu2Sw+/5fke2gh9AwPeqQj
     4oqqXlvYYKn9rR63ZsSEEjgV5fVyWT9+e6YttP3G/


---------------------------------------------------------------------
The Cryptography Mailing List
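An added illustration, not part of the original post: a toy server-side session table showing why protecting the transport does not help when a session id that predates login stays valid afterwards, next to the usual fix of issuing a fresh id at login. The class and function names are hypothetical, and the "adopt any client-supplied id" behaviour is an assumption modelling a permissive session layer.

```python
import secrets


class SessionStore:
    """Toy session table: session id -> authenticated user (None = anonymous)."""

    def __init__(self, regenerate_on_login):
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}

    def visit(self, sid=None):
        """Return the session id used for this request.

        Assumption: a client-supplied id is adopted as-is (permissive layer).
        """
        if sid is None:
            sid = secrets.token_urlsafe(16)
        self.sessions.setdefault(sid, None)
        return sid

    def login(self, sid, user):
        """Authenticate `user` on session `sid`; return the id valid afterwards."""
        if self.regenerate_on_login:
            self.sessions.pop(sid, None)     # the pre-login id stops existing
            sid = secrets.token_urlsafe(16)  # fresh id, sent only to this client
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def fixed_id_is_authenticated(store):
    """True if an id known to another party before login is authenticated after it."""
    known_id = store.visit()           # anonymous session id known to a second party
    victim_id = store.visit(known_id)  # victim's browser presents the same id
    store.login(victim_id, "alice")    # login itself may be fully protected by TLS
    return store.whoami(known_id) == "alice"


if __name__ == "__main__":
    print("keep id at login:      ", fixed_id_is_authenticated(SessionStore(False)))
    print("regenerate id at login:", fixed_id_is_authenticated(SessionStore(True)))
```

The check to run against a real application is the same: record the session cookie before login, authenticate, and confirm the pre-login value is no longer accepted.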