Re: I'd like to get rid of pulseaudio but ... (Gene Heskett)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Once upon a time, Bruno Wolff III <bruno@xxxxxxxx> said:
> On Sun, May 31, 2009 at 13:26:17 -0500,
>   Chris Adams <cmadams@xxxxxxxxxx> wrote:
> > HTTPS with an unknown self-signed cert is barely any more secure than
> > unencrypted HTTP, since a man-in-the-middle attack could just be
> > replacing the cert and decrypting all communications.
> 
> No it is a much harder attack than snooping. To do man in the middle you need
> to be able to take packets out of the stream and redirect them. This needs to
> be done in real time and if you guess wrong about whether the other end knows
> what the certificate is, people are going to notice you doing it.

ISTR if you can snoop you can hijack the TCP session setup by responding
first (aren't out-of-window packets ignored?).  You don't have to cause
the "real" responses to be dropped, you just have to respond faster.

> And be sure to note that certificate signed by RSA, Thawte or whoever doesn't
> equate to secure either. Unless you have verified the end certificate
> yourself you don't know that the organization on the other end is who you
> really mean to be talking to.

You are trusting that the CAs have done the verification, which they do
(to differing degrees).
-- 
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux