Neff Robert A <[EMAIL PROTECTED]> writes: > You cannot snoop a secure https transaction without somehow > pretending to be the destination host. To do that requires > the cert, which is public, and private key, which you will > not have. Sort of. You can certainly passively snoop an HTTP transaction. There's no need to pose as the server. Decrypting the traffic requires, as you say, the private key, but not the certificate.
-Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]