* Kyle Hamilton wrote on Thu, Jan 14, 2010 at 12:03 -0800:
* Steffen asked...
...on this level
[thanks a lot again for all the clarifications: authentication
levels, authentication-agnostic, URI-dependent certificates,
bugfix because missed intention, MITM tricks twitter to decrypt
and
On Wed, Jan 13, 2010 at 6:34 AM, Steffen DETTMER
steffen.dett...@ingenico.com wrote:
* aerow...@gmail.com wrote on Tue, Jan 12, 2010 at 12:29 -0800:
On Tue, Jan 12, 2010 at 3:12 AM, Steffen DETTMER
The problem is this:
The attacker makes a connection to a TLS-enabled server,
sending no
* aerow...@gmail.com wrote on Tue, Jan 12, 2010 at 12:29 -0800:
On Tue, Jan 12, 2010 at 3:12 AM, Steffen DETTMER
The problem is this:
The attacker makes a connection to a TLS-enabled server,
sending no certificate. It sends a command that, for whatever
reason, needs additional privilege
Responses inline. :)
On Tue, Jan 12, 2010 at 3:12 AM, Steffen DETTMER steffen.dett...@ingenico.com
wrote:
Hi,
thank you too for the detailed explanation. But the impact on
the client certificates (and its correct validation etc) is not
clear to me (so I ask inline in the second half of this