Right. With server auth you elimate the weakenss I was thinking about a few years back. As was pointed out I didn't check for html.
On Wed, Oct 03, 2007 at 03:55:21PM -0700, Michael Sierchio wrote: > [EMAIL PROTECTED] wrote: > > I'd like to ask the group about a possible man in the middle attack over > > https. > > What you've described (though see Viktor's post about what you didn't > really include in your message) is not MITM -- it's just a fake URL > scheme. SSL v3.0 and TLS with server auth are not subject to MITM. > > Regards, > > Michael > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
