David Schwartz wrote:

        That's where you're wrong. In the Internet trust model (anyone can get a
certificate signed by a trusted authority, all the certificate does is prove
they are who they say they are, not that they're someone I can trust), this
*is* the protection against a MITM.

This is not a MITM. A Man-in-the-middle attack assumes a party on the wire, witnessing all communication and able to insert arbitrary text.

SSL guards against this in the case where the server (and, optionally,
the client) are authenticated.

The case of connecting to a different party (hijacking) has nothing
whatsoever to do with MITM.


______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
