On Wed, Oct 16, 2013 at 3:33 PM, Jason Haar <jason_h...@trimble.com> wrote:
> On 17/10/13 02:42, Les Mikesell wrote:
>> Banking transactions would normally be done over https - which uses
>> ssl. Openvpn would add another layer over the open wifi hop, but I'm
>> not sure how much that adds to the security.
>
> For one thing it stops MITM attacks. Most people are naive and if
> they're on an untrusted network and someone MITM'ed their bank
> connection, they will click through the browser "don't trust this
> website" warning and bam - they've lost their bank creds.
>
> Forcing users through openvpn puts them on a trusted network where such
> skulduggery doesn't happen (and you could have AV proxies and other such
> stuff)

Yes, but if someone can MITM the https ssl, why couldn't they do the same for openvpn's ssl? Is there more than the obscurity of using an unexpected port for the traffic? And, on the flip side, if the user is really paranoid, why should he trust the VPN host to not do the same, since they become another point that can intercept both sides of the conversation?

--
Les Mikesell
lesmikes...@gmail.com

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users