[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2007-659[01]

On Friday 04 January 2008, Florian Weimer wrote:
> * Stefan Fritsch:
> > I don't agree with this. An attacker can trick a user to accept a
> > certificate for '*' which then allows to do MITM attacks for any
> > websites.
> You still need to subvert IP routing.

Or do DNS spoofing. Or the user uses a TOR exit node or a public WLAN. 
Or he uses his own laptop in a company network...

> If you do that, most users will click away the warnings anyway.

But this affects also those users who don't click away warnings. 

Reply to: