Hi, On Wed, Oct 16, 2013 at 04:32:18PM -0500, Les Mikesell wrote: > Yes, but if someone can MTM the https ssl, why couldn't they do the > same for openvpn's ssl? Is there more than the obscurity of using an > unexpected port for the traffic? And, on the flip side, if the user > is really paranoid, why should he trust the VPN host to not do the > same, since they become another point that can intercept both sides of > the conversation?
There is no button in OpenVPN "I do not trust this server's ssl cert,
do you want to go ahead nevertheless?" - there *is* in web browsers, and
thus, users press it...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgp31KQhCVy12.pgp
Description: PGP signature
------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
