Michael Vincent van Rantwijk, MultiZilla wrote:
[...]
>
> What is the key difference here? Why can't you read authenticated
> encrypted data but unauthenticated encrypted data?
>
> p.s. you are assuming that the server certificate is safe at all times,
> which it isn't.

      UserKey        MITMkey
     -------->      -------->
User           MITM           Server
     <--------      <--------
      MITMkey       ServerKey

Presumably it's the difference between:

User: "OK!"

... and ...

User: "Wait, your cert. said to consult with the Verisign CA, and they
said to look for ServerKey instead of MITMkey. Something's fishy."

Best regards,
Jeremy Morton (Jez)
_______________________________________________
dev-tech-crypto mailing list
https://lists.mozilla.org/listinfo/dev-tech-crypto