In an MITM attack, the adversary sits between A and B and is able to intercept and/or modify the communications between the two of them without their knowledge. Server certificates and "the DN's CN must be the FQDN" (sic:) help prevent MITM. (No, it doesn't happen automatically -- you have to check the trust chain, certificate keyUsage and nameConstraints, and all that other stuff -- but it is possible to write code that prevents MITM.)
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
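The name check mentioned in the message above ("the DN's CN must be the FQDN"), as an added example that is not part of the original post. It assumes the certificate is a dict shaped like the output of Python's `ssl.SSLSocket.getpeercert()` and that the TLS library has already validated the trust chain, keyUsage and nameConstraints; the function names and sample certificates are constructed for illustration.

```python
# Added illustration: compare the host the client meant to reach against the
# names in an already chain-validated certificate (getpeercert()-style dict).

def dns_name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against the requested host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False          # a wildcard never spans more than one label
    if "*" in p[0] and (p[0] != "*" or len(p) < 3):
        return False          # reject partial wildcards ("w*") and "*.com"
    if any("*" in label for label in p[1:]):
        return False          # wildcard allowed in the leftmost label only
    return p[0] in ("*", h[0]) and p[1:] == h[1:]

def presented_names(cert: dict) -> list:
    """DNS names the certificate asserts; CN is used only when no SAN exists."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans           # SAN dNSName entries take precedence over CN
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def cert_matches_host(cert: dict, host: str) -> bool:
    return any(dns_name_matches(n, host) for n in presented_names(cert))

# Constructed sample certificates (not real ones).
GOOD = {"subject": ((("commonName", "www.example.com"),),),
        "subjectAltName": (("DNS", "www.example.com"),
                           ("DNS", "*.api.example.com"))}
CN_ONLY = {"subject": ((("commonName", "mail.example.com"),),)}
# Valid for another name: CN says www.example.com, SAN says otherwise.
OTHER_SITE = {"subject": ((("commonName", "www.example.com"),),),
              "subjectAltName": (("DNS", "shop.example.net"),)}

if __name__ == "__main__":
    for cert, host in [(GOOD, "www.example.com"),
                       (GOOD, "a.b.api.example.com"),
                       (CN_ONLY, "mail.example.com"),
                       (OTHER_SITE, "www.example.com")]:
        print(host, "->", cert_matches_host(cert, host))
```

A certificate that chains to a trusted root but fails this comparison was issued to someone else, which is exactly the case an interposed party would present.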