[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2007-659[01]

* Stefan Fritsch:

> I don't agree with this. An attacker can trick a user to accept a
> certificate for '*' which then allows to do MITM attacks for any
> websites.

You still need to subvert IP routing.  If you do that, most users will
click away the warnings anyway.

Florian Weimer                <fweimer@bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

Reply to: