TLS man in the middle
mheyman at gmail.com
mheyman at gmail.com
Fri Nov 6 06:22:07 EST 2009
>From <http://www.ietf.org/mail-archive/web/tls/current/msg03928.html>
and <http://extendedsubset.com/?p=8>
>From what I gather, when TLS client certificates are used, an attacker
can post a command to a victim server and have it authenticated by a
legitimate client.
-Michael Heyman
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list