>This barely deserves mention, but is worth it for the humor: >"Information Security Expert says SSL (Secure Socket Layer) is Nothing More >Than a Condom that Just Protects the Pipe" >http://www.prweb.com/releases/2004/7/prweb141248.htm
The article says "The weaknesses of SSL implementations have been well known amongst security professionals, but their argument has been that SSL is the best tool currently on offer. The fact that it can be spoofed and is open to man in the middle attacks is played down." O.k., so if there is a vulnerability in a particular implementation there might be a possible MITM attack. Also possible to do MITM if user doesn't do proper verification. But I wouldn't say that SSL implementations in general are suspect to MITM attacks. Later in the article it is written: "What we can be certain of is that it is not possible to have a man-in-the-middle attack with FormsAssurity - encryption ensures that the form has really come from the claimed web site, the form has not been altered, and the only person that can read the information filled in on the form is the authorized site." O.k., so how do they achieve such assurances? Eric's comment about condoms being effective is right, so bad analogy as well! --Anton --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]