Ahha! I know what we'll do, we'll require certificate authentication! Ok, assuming I have a list of the major CAs and the the certificate verified correctly
You're missing the point. A hijack or redirect is not a MITM attack. These words have specific meaning, which you are abusing.
Authentication != Authorization
"SSL" doesn't say anything about CN checking.
Right.
Yes, this is a 100% valid definition of MITM. At least to us security/network folks. SSL was designed to *provide you the ability* to prevent MITM attacks, but you need to do all the checks above, it doesn't just happen by itself.
You are simply mistaken. SSL is -IN SE- proof against MITM attack. It is computationally infeasible to succesfully interpose and perform the handshake between a client and a server in a non-anon setting.
If you connect to and authenticate the wrong server, that's not a MITM.
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
