Hi,

A co-worker of mine pointed my attention at a possible Security problem
in Konqueror today.
While connecting to a i.e. Self-certified SSL site, you don't recieve a
warning. You surely question, what the problem about this is.
The point is the following: This makes an eventual man in the Middle
attack possbile.

Let me give you an example:


Without an attack:
 
host <---[Server's Certificate]-- Server
                  |
                  |
         Signed by trust center


With an attack:

host <-[wrong CERT]- man in the middle -[right CERT]- Server

A warning should inform about the Trust Center which signed the
Servers Key and it should tell it's creators.

What do you think?

Igor
-- 
"Die Wirklichkeit ist nicht die Wahrheit"
- Realitaetspinzip, 1983, Erich Fried
 
>> Visit http://master.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<