> >No, I am not at all confused. You are confused and immune to
> >education and
> >based on the number of emails I've gotten about this thread from
> >professional security people, I'm pretty sure I'm right
>
> David, I am a security professional, and I have the greatest respect for
> Rich Salz, and I have the greatest confidence in Geoff Thorpe as well.

Just so no one misinterprets the purpose or tone of my previous emails, I also have the greatest respect for Rich and Geoff.

This thread began with questions by a programmer whom we all seemed to believe had a fundamental lack of understanding about crypto and SSL/TLS. Somehow that turned into a discussion about the definition of MITM with respect to SSL/TLS.

All the participants since I joined the fray have said the same things, regardless of their viewpoint on the definition of MITM. The emails written by Rich, Geoff, David, and I have agreed on the facts of what SSL/TLS can do, what security (x509 usage) it offers and when it fails. It's only the definition of MITM in which we've divided into separate camps.

Let's all agree to disagree on this point. Truce.

I'm going to bed.

--
Brian Hatch                  "But it's a dry heat."
   Systems and               "Turn on your oven. Climb
   Security Engineer          inside. Yeah, that's a dry
http://www.ifokr.org/bri/     heat too, but you're still
                              going to bake, my friend."
Every message PGP signed