> From: Henrik Nordstrom [SMTP:hno@hem.passagen.se]
>
> The encryption protects the HTTP data from eavesdropping and tampering
> by any man-in-the-middle component, like proxies and such. This applies
> to both the requests and the responses.
>
In practice you could get away with a man in the middle
attack for most users who don't understand https and disable
or ignore security mode change warnings, by mapping the
URL at the proxy and only running https between the rogue
proxy and the server. Client certificates, which should
help prevent this, are only normally used on intranets.
Received on Thu Jan 13 2000 - 05:26:15 MST