On Sun Jan 24 17:15:17 EST 2010, news...@lava.net wrote:
> > you are changing the topic.
> >
> > your original mail claimed to be worried
> > about man-in-the-middle attacks. that means
> > the attacker can respond to arbitrary traffic;
> > the fact that you can verify the dns response
> > is irrelevant if when you try to connect to the
> > correct ip address the attacker handles it
> > and you don't take advantage of ssl certificates
> > to catch that.
>
> True, unless DNS provides a certificate that is bound
> to the session in some way.

if one misdirects the original connection via dns and then uses the renegotiation bug, is this not a mitm attack?

- erik