On Tue, Jul 22, 2003, Jue (Jacky) Shu wrote:
> Thank you, David and Steve.
> Yes, it will be a big problem if someone spoofs DNS,
> but it can prevent man-in-the-middle to some extent.

If an attacker can do MITM they can readily spoof DNS as well.

> If the DNS is sabotaged, what can we do?
> What should I believe? :-)

Well you have to do the unusual step of trusting the user :-)

If they say that they want to connect to www.foobar.inc you assume that that's what they want to do. If however you go through various DNS contortions to get the final hostname then DNS spoofing would make it unreliable.

It all depends on your threat model and trust policy.

AFAICS in your scenario a MITM can only occur if the attacker has access to a trusted certificate and private key.

Steve.
--
Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]
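The point Steve makes about which name to check the certificate against, as an added example that is not code from the thread or from OpenSSL: a small RFC 6125 style name matcher over the dict shape Python's ssl.SSLSocket.getpeercert() returns, run once against the name the user typed and once against a name derived from a constructed, attacker-influenced DNS (the hostnames, addresses and certificate contents are all made up for the demonstration).

```python
"""Certificate name check anchored on what the user typed, not on DNS lookups."""


def _name_matches(pattern: str, host: str) -> bool:
    """Match one certificate dNSName against a hostname.  A '*' is accepted
    only as the entire leftmost label and only with at least two more labels,
    so '*.foobar.inc' covers 'www.foobar.inc' but '*.inc' covers nothing."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_matches_hostname(cert: dict, host: str) -> bool:
    """True if host is covered by a dNSName SAN; the subject CN is consulted
    only when the certificate carries no dNSName SAN at all."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_name_matches(n, host) for n in names)


def accept_by_typed_name(typed_host: str, cert: dict) -> bool:
    """Trust the user: compare the certificate with the name they asked for."""
    return cert_matches_hostname(cert, typed_host)


def accept_by_dns_derived_name(typed_host, cert, a_records, ptr_records) -> bool:
    """The 'DNS contortions' variant: resolve, then trust whatever name the
    address reverse-maps to.  Whoever controls those records controls the check."""
    derived_host = ptr_records[a_records[typed_host]]
    return cert_matches_hostname(cert, derived_host)


# Constructed sample data: a poisoned A record sends www.foobar.inc to an address
# whose PTR (also under the same party's control) names a domain they really own,
# for which a CA would happily have issued ATTACKER_CERT.
POISONED_A = {"www.foobar.inc": "203.0.113.7"}
ATTACKER_PTR = {"203.0.113.7": "www.attacker.example"}
ATTACKER_CERT = {"subjectAltName": (("DNS", "www.attacker.example"),)}
LEGIT_CERT = {"subjectAltName": (("DNS", "*.foobar.inc"), ("DNS", "foobar.inc"))}

if __name__ == "__main__":
    print(accept_by_typed_name("www.foobar.inc", LEGIT_CERT))     # True
    print(accept_by_typed_name("www.foobar.inc", ATTACKER_CERT))  # False: rejected
    print(accept_by_dns_derived_name("www.foobar.inc", ATTACKER_CERT,
                                     POISONED_A, ATTACKER_PTR))   # True: fooled
```

The last call shows the failure Steve describes: a perfectly valid certificate passes because the name being checked came from the very DNS that was spoofed.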