[Clo-devel] HTTPS

Stelian Ionescu sionescu at cddr.org
Wed Jan 28 14:35:29 UTC 2015

> Unfortunately, MITM is also possible for SSL and SSH (
> http://en.wikipedia.org/wiki/Man-in-the-middle_attack#Implementations
> lists
> publicly available implementations to execute them!).
> To mitigate the attack, basically the only option listed at
> http://en.wikipedia.org/wiki/Man-in-the-middle_attack#Defenses_against_the_attack
> that's available to us, hasn't been implemented (yet) by most large
> parties
> either (definitely not GitHub or Google): it's the roll-out of DNSSEC.

I suggest you read
https://www.imperialviolet.org/2015/01/17/notdane.html before putting
your hopes into DNSSEC.

Stelian Ionescu a.k.a. fe[nl]ix
Quidquid latine dictum sit, altum videtur.

More information about the clo-devel mailing list