man in the middle, SSL

Ivan Krstić krstic at
Sat Feb 3 16:18:53 EST 2007

[I prefer to keep discussions on-list where possible. CCing the list.]

Beryllium Sphere LLC wrote:
>     Bruce Schneier pointed out years ago that it's trivial for a virus
>     or Trojan to add a new trusted CA to the browser's list of trusted
>     roots. At least one "advertising support web accelerator" installs
>     itself in the browser configuration as a peer of Verisign and can
>     then proxy SSL without any warning to the user.

Right. I was talking about the kind of MITM where an attacker is
physically between your machine and the SSL destination, such as sitting
on your network's egress. MOYM (man on your machine) attacks are a bit
of a lost cause with most modern OS environments, though I've been
working pretty hard to try and change that on the One Laptop per Child

Ivan Krstić <krstic at> | GPG: 0x147C722D

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list