On Mon, 26 Sep 2016 10:31:02 +0200
Matthew Seaman wrote:
[...]
> >
> > https://censys.io/
> >
[...]
>
> Hmmm... their TLS certificate is issued by 'StartCom Class 1 DV Server
> CA' This is a CA that prominently advertizes free SSL certificates,
> but otherwise looks like it charges just
Ronald F. Guilmette wrote this message on Sun, Sep 25, 2016 at 23:42 -0700:
> Here's my point: If you really have already managed to become
> the man-in-the-middle anyway, then couldn't you just dummy up
> any and all responses, including those for DNS, in such a way
> as to make it all appear to
"Ronald F. Guilmette" writes:
> If you are the man in the middle, and if the target/victim asks for
> the certificate for some spoofed site `X', can't you just give him
> back something which is valid for the spoofed site, you know, since
> you are in the middle completely anyway?
The client shou
Thanks to everybody who replied, and sorry for being so off topic.
In message <74ed7019-cb87-c55a-fb6d-1c016bf04...@freebsd.org>,
Matthew Seaman wrote:
>> https://www.wired.com/2010/03/packet-forensics/
>>...
>The article doesn't make it entirely clear, but they are talking about
>encr
RW writes:
> There's a simple paint analogy here:
>
> https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
>
> that illustrates how it's possible to exchange a shared secret without
> an eavesdropper knowing what it is. The shared secret can then be used
> for symmetric encryption using some
On Sun, 25 Sep 2016 23:42:34 -0700
Ronald F. Guilmette wrote:
> Here's my point: If you really have already managed to become
> the man-in-the-middle anyway, then couldn't you just dummy up
> any and all responses, including those for DNS, in such a way
> as to make it all appear to the victim t
On 26/09/2016 08:42, Ronald F. Guilmette wrote:
>
> Sorry folks. I'm almost entirely ignorant about everything crypto,
> and these questions would probably be better asked elsewhere, but
> you all on this list are nicer than folks elsewhere, and probably
> will have the kindness not to poke too m
Ronald F. Guilmette, and lo! it spake thus:
>
> Here's my point: If you really have already managed to become the
> man-in-the-middle anyway, then couldn't you just dummy up any and
> all responses, including those for DNS, in such a way as to make it
> all appear to the victim that everything wa
Sorry folks. I'm almost entirely ignorant about everything crypto,
and these questions would probably be better asked elsewhere, but
you all on this list are nicer than folks elsewhere, and probably
will have the kindness not to poke too much fun at my ignorance.
So, here goes...
First question: