Ah, I also forgot to mention that an attacker with the ability to talk to gcache can completely screw you with just legitimate messages - by poisoning your cache. They can presumably also get access to session keys. So, if anyone can talk to gcache apart from Apache-SSL, you've had it anyway.

Cheers,

Ben.

--
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: [EMAIL PROTECTED] |
A.L. Digital Ltd,     |Apache-SSL author http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
