> I still don't understand where you're disagreeing with me.
Your attack includes things like hijacking and redirection, which is not
part of an MITM attack. Your postings also seem to come down on both
sides of "succesful" as to whether or not that is part of MITM.
If the MITM isn't intercepting or modifying the traffic *between A and B*
it is not MITM. If A and B -- the participants that originally intended
to communicate -- don't end up having (compromised) communication, than it
is not MITM.
If there's "out of band" signalling that the A:B comm channel has been
attacked, than the protocol is *not* protected against MITM. Or, you must
include the OOB information as part of the protocol. :)
/r$
PS: 35 web sites either got the definition wrong, or weren't clear enough
for you to understand? I'm not swayed.
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
