On Thu, Nov 18, 2004 at 09:33:05AM -0800, JD Conley wrote:
> If an attacker attempts to connect and provides a certificate that is
> not on record for the host they are claiming to be, a dialback is
> performed against the authority of the host. The attacker, unless they
> have control of DNS or the other host's network, is then rejected as the
> dialback authority would produce a certificate that is not the same as
> the attacker's.
But the attacker has to take over the DNS only once. After that his certificate is "trusted" and he can use the faked domain without problems. With pure dialback he would have to keep the DNS compromised all the time he wants to use the faked domain.

Greets,
Jacek
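A toy model of the two trust policies under discussion, added here as an illustration and not code from the thread or from any XMPP server: the DNS map, addresses and certificate labels are constructed, and "dialback" is reduced to checking the certificate against whatever DNS currently says is the authority for the claimed domain.

```python
class DialbackWorld:
    """Constructed model of server-to-server trust decisions.

    dns:   domain -> address the dialback authority resolves to right now
    certs: address -> certificate presented by the server at that address
    cache: domain -> certificate accepted after a successful dialback
    """

    def __init__(self, dns, certs):
        self.dns = dict(dns)
        self.certs = dict(certs)
        self.cache = {}

    def dialback(self, claimed_domain, presented_cert):
        # Contact the authority DNS names for the claimed domain and compare
        # its certificate with the one the connecting peer presented.
        authority = self.dns.get(claimed_domain)
        return authority is not None and self.certs.get(authority) == presented_cert

    def accept_pure_dialback(self, claimed_domain, presented_cert):
        # Pure dialback: DNS is consulted on every connection, nothing is stored.
        return self.dialback(claimed_domain, presented_cert)

    def accept_with_cert_cache(self, claimed_domain, presented_cert):
        # Cached policy: a certificate already on record is trusted without dialback;
        # only an unknown certificate triggers a dialback, and success records it.
        cached = self.cache.get(claimed_domain)
        if cached is not None:
            return cached == presented_cert
        if self.dialback(claimed_domain, presented_cert):
            self.cache[claimed_domain] = presented_cert
            return True
        return False


def run_scenario():
    """DNS for example.org is poisoned for a single connection, then restored."""
    world = DialbackWorld(
        dns={"example.org": "10.0.0.1"},  # constructed sample values
        certs={"10.0.0.1": "CERT-REAL", "10.0.0.66": "CERT-ATTACKER"},
    )
    world.dns["example.org"] = "10.0.0.66"  # one-time DNS compromise
    during = (world.accept_pure_dialback("example.org", "CERT-ATTACKER"),
              world.accept_with_cert_cache("example.org", "CERT-ATTACKER"))
    world.dns["example.org"] = "10.0.0.1"  # DNS back to normal
    after = (world.accept_pure_dialback("example.org", "CERT-ATTACKER"),
             world.accept_with_cert_cache("example.org", "CERT-ATTACKER"))
    # Side effect of the cache: the genuine server is now the one that is refused.
    real_after = world.accept_with_cert_cache("example.org", "CERT-REAL")
    return {"during": during, "after": after, "real_after_cache": real_after}
```

Under the cached policy the single poisoned lookup is enough to keep the attacker's certificate accepted after DNS is repaired, and the legitimate server is then rejected because its certificate differs from the recorded one; pure dialback rejects the attacker as soon as DNS is correct again.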