Bill Stackpole wrote:
> Strong cryptography would imply that hijacking would not work. However, if
> public key cryptography is used with PKI it might be possible for a
> man-in-the-middle attack to succeed. These exploits do not involve
> hyjacking sessions.
I presume you mean "without PKI"? Anyway, if you don't know the server's
public key in advance, you can be MitMed.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
