* Kyle Hamilton wrote on Thu, Jan 14, 2010 at 12:03 -0800:
> * Steffen asked...
> > ...on this level
[thanks a lot again for all the clarifications: authentication
levels, authentication-agnostic, URI-dependent certificates,
bugfix because missed intention, MITM tricks twitter to decrypt
and disclo
On Wed, Jan 13, 2010 at 6:34 AM, Steffen DETTMER wrote:
> * aerow...@gmail.com wrote on Tue, Jan 12, 2010 at 12:29 -0800:
>> On Tue, Jan 12, 2010 at 3:12 AM, Steffen DETTMER
>> The problem is this:
>>
>> The attacker makes a connection to a TLS-enabled server,
>> sending no certificate. It sends
* aerow...@gmail.com wrote on Tue, Jan 12, 2010 at 12:29 -0800:
> On Tue, Jan 12, 2010 at 3:12 AM, Steffen DETTMER
> The problem is this:
>
> The attacker makes a connection to a TLS-enabled server,
> sending no certificate. It sends a command that, for whatever
> reason, needs additional privil
Responses inline. :)
On Tue, Jan 12, 2010 at 3:12 AM, Steffen DETTMER wrote:
Hi,
thank you too for the detailed explanation. But the impact on
the client certificates (and its correct validation etc) is not
clear to me (so I ask inline in the second half of this mail).
* Kyle Hamilton wrote