Security through kittens, was Solving password problems

Ray Dillinger bear at sonic.net
Wed Feb 25 13:04:40 EST 2009


On Wed, 2009-02-25 at 14:53 +0000, John Levine wrote:

> You're right, but it's not obvious to me how a site can tell an evil
> MITM proxy from a benign shared web cache.  The sequence of page
> accesses would be pretty similar.

There is no such thing as a "benign" web cache for secure pages.
If you detect something doing caching of secure pages, you need 
to shut them off just as much as you need to shut off any other 
MITM.

				Bear


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list