Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
tbrownaw
on March 25, 2010
|
parent
|
context
|
favorite
| on:
Law Enforcement Appliance Subverts SSL
It comes with a list of the notaries and their public keys. So, the only concern is if your initial download is MitM'ed.
http://www.cs.cmu.edu/~perspectives/notary_list.txt
codexon
on March 25, 2010
[–]
Or the attacker could just block those servers and then spoof that file with new URLs and public keys.
tbrownaw
on March 25, 2010
|
parent
[–]
Hard to spoof a file that you've already got a local copy of...
codexon
on March 25, 2010
|
root
|
parent
[–]
If you can't connect to the servers because the middleman blocked them, a user might assume that the servers were updated, and then proceed to use the spoofed file...
Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
http://www.cs.cmu.edu/~perspectives/notary_list.txt