Re: [Openvpn-devel] [Openvpn-users] OpenVPN and OpenSSL TLS issue ? (CVE-2009-3555)

2009-11-08 Thread Victor Wagner
On 2009.11.08 at 12:59:47 +0100, David Sommerseth wrote:
>
> This flaw makes it, how I have understood it, possible to "duplicate" an
> on-going SSL connection (or transaction, which it often is referred to),
> making the SSL based server believe those two connections are the same
> client.
> Th

Re: [Openvpn-devel] [Openvpn-users] OpenVPN and OpenSSL TLS issue ? (CVE-2009-3555)

2009-11-08 Thread David Sommerseth
On 08/11/09 10:07, Victor Wagner wrote:
> On 2009.11.08 at 00:17:38 +0100, David Sommerseth wrote:
>
>>
>> Well said! Thank you for emphasising this. In my earlier posts, I
>> never intended to suggest that this was a work around, just to be clear
>

Re: [Openvpn-devel] [Openvpn-users] OpenVPN and OpenSSL TLS issue ? (CVE-2009-3555)

2009-11-08 Thread Victor Wagner
On 2009.11.08 at 00:17:38 +0100, David Sommerseth wrote:
>
> Well said! Thank you for emphasising this. In my earlier posts, I
> never intended to suggest that this was a work around, just to be clear
> about that. But --tls-auth is now, how I see it, the only way currently
> available "immedi