RE: how can you verify that the site you get is not a fake?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



--On Sunday, June 05, 2005 10:06 PM -0700 Joel Jaeggli <[email protected]> wrote:

steal the cert installed on the webserver and use it in conjunction with
some ip based trickery to masquerede as the site in question

I think the OP was also concerned with replay attacks, and it's the second part of this response that's used to prevent that.


I believe there's also a challenge-response component: The client sends something that the remote server encrypts with its private key. The client uses the public key (the cert returned) to decode it and verify that the server possesses the private key.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]
  Powered by Linux