> And this is precisely the crux of why I think this thread is a waste of
> bandwidth.

Agreed. I'll end, promising to shut up after this, with the following summary:

1) SSL/TLS has the capabilities to be immune to MITM attacks.

2) These capabilities may be used in any number of ways, as determined by the needs of the system (unix domain sockets could rely solely on file permissions, and forgo any need for X509/etc) or the protocol specification (HTTPS requirement for trusted CAs and thus prevent an attack by requiring CN match.)

3) Not using sufficient SSL/TLS capabilities in a secure way can leave SSL/TLS open to successful attacks.[1]

4) Lots of companies/products probably do #3 above.

5) No matter who replies to this message, I promise to not respond to the list, and I hope not to respond off the list either.

[1] Yes, we all disagree with the definition of 'MITM', which is why I just called this 'attacks'.

-- 
Brian Hatch                    "Look, somebody's got to have
Systems and                     some damn perspective around
Security Engineer               here. Boom, sooner or later.
http://www.ifokr.org/bri/       *BOOM*!"

Every message PGP signed
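The distinction in points 1 to 3 above, shown as an added example that is not from the post or its author: a TLS client context that encrypts but authenticates nothing (the weak setting), beside one that requires a trusted-CA chain and a name match, plus a defender's check on a context and a minimal implementation of the hostname-to-certificate-name match. The function names (insecure_client_context, verified_client_context, context_is_mitm_resistant, name_matches) are my own, and name_matches only covers the common dNSName/CN wildcard rule.

```python
import ssl
from typing import Iterable


def insecure_client_context() -> ssl.SSLContext:
    """The pattern point 3 warns about: the session is encrypted, but any
    certificate from anyone is accepted, so an interposed party is not noticed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_client_context() -> ssl.SSLContext:
    """Trusted CAs plus a name match (point 2): the chain must end at a CA the
    client trusts, and the certificate must name the host that was requested."""
    return ssl.create_default_context()   # CERT_REQUIRED, check_hostname=True


def context_is_mitm_resistant(ctx: ssl.SSLContext) -> bool:
    """Defender's check for code review or config audit: both the chain
    verification and the hostname check must be enabled."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def name_matches(presented: Iterable[str], requested: str) -> bool:
    """Match the requested hostname against names presented in a certificate
    (SAN dNSName values, or the CN as fallback). Comparison is case-insensitive,
    a trailing dot is ignored, and a wildcard is honoured only as the whole
    leftmost label with at least two labels after it: '*.example.com' matches
    'a.example.com' but not 'example.com', 'a.b.example.com' or anything via '*.com'."""
    req_labels = requested.lower().rstrip(".").split(".")
    for name in presented:
        labels = name.lower().rstrip(".").split(".")
        if len(labels) != len(req_labels):
            continue
        if labels[0] == "*":
            if len(labels) >= 3 and labels[1:] == req_labels[1:]:
                return True
        elif labels == req_labels:
            return True
    return False
```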