Security through kittens, was Solving password problems
Ray Dillinger
bear at sonic.net
Wed Feb 25 13:04:40 EST 2009
On Wed, 2009-02-25 at 14:53 +0000, John Levine wrote:
> You're right, but it's not obvious to me how a site can tell an evil
> MITM proxy from a benign shared web cache. The sequence of page
> accesses would be pretty similar.
There is no such thing as a "benign" web cache for secure pages.
If you detect something doing caching of secure pages, you need
to shut them off just as much as you need to shut off any other
MITM.
Bear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list