List: kde-devel
Subject: Re: ssl auth failure gui: does "continue" do what I think it does?
From: Thiago Macieira <thiago () kde ! org>
Date: 2009-06-09 6:23:06
Message-ID: 200906090823.07447.thiago () kde ! org
Jeff Mitchell wrote:
> Matthew Woehlke wrote:
>>> But there isn't a choice. Certificates are essentially the only
>>> encryption method feasible for most sites, because of e.g. browser
>>> support. So if all you need is encryption, and not authentication,
>>> you still have to use the same system.
>>
>> But *you don't get encryption* this way
>
> But you do.

The point is that, without authenticating the remote end, you open
yourself to man-in-the-middle attacks, which means you achieved no real
security.

You don't know who you're talking to, so there's no guarantee that the
data that was encrypted can't be intercepted by a third party.

In fact, since you don't authenticate your peer, there is no third party:
everyone on the internet is your peer. Since you're "encrypting to all",
it's the same as not encrypting.

--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
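
The argument in this message, as an added example that is not part of the original e-mail: a toy Diffie-Hellman handshake in Python in which the client either accepts whatever peer key arrives (the "continue" case) or checks it against a fingerprint known in advance. The group parameters, the function names and the fingerprint check standing in for certificate validation are all assumptions made for the illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration (far too small for real use).
P = 2**127 - 1  # a Mersenne prime
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(own_priv, peer_pub):
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def client_connect(received_pub, expected_fp=None):
    """Client side of the handshake.

    received_pub: the public value that arrived over the network.
    expected_fp:  fingerprint of the key the client expects, obtained out of
                  band; None models accepting the peer without authentication.
    Returns (client_pub, key); raises ValueError on an identity mismatch.
    """
    if expected_fp is not None and fingerprint(received_pub) != expected_fp:
        raise ValueError("peer key does not match the expected identity")
    priv, pub = keypair()
    return pub, session_key(priv, received_pub)

def demo():
    server_priv, server_pub = keypair()
    other_priv, other_pub = keypair()  # any other party on the network path

    # No authentication: the session is encrypted, but to whoever answered.
    client_pub, client_key = client_connect(other_pub)
    key_held_by_other = client_key == session_key(other_priv, client_pub)

    # With authentication: the same substituted key is refused.
    try:
        client_connect(other_pub, expected_fp=fingerprint(server_pub))
        substituted_key_rejected = False
    except ValueError:
        substituted_key_rejected = True

    # With authentication and the genuine key, only the server shares the key.
    client_pub, client_key = client_connect(server_pub, fingerprint(server_pub))
    key_held_by_server = client_key == session_key(server_priv, client_pub)
    return key_held_by_other, substituted_key_rejected, key_held_by_server
```

`demo()` returns three booleans: whether the unauthenticated session key ended up with the other party, whether the substituted key was rejected once a fingerprint was expected, and whether the authenticated session key is shared with the intended server.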