Re: Fw: IPSec vs. SSL

> I am not quite sure I understand how SSL is susceptible to the man in the
> middle attack.  Could you explain this a bit more or point me to some
> write-up on this?  If the client encrypts a session key with the public
> key of a server pretty much the only thing that can decrypt the key is the
> server which has the private key corresponding to the public key in the
> certificate.  I don't see how a man in the middle attack can be launched
> here.

Spoof and imitate the CA ;-)
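
Added example, not part of the original message: a toy model of the client-side check the reply points at, showing that encrypting to "the server's public key" is only safe if that key is bound to the host name by a signature from a CA key the client already holds. Textbook RSA over small Mersenne primes, the CA name, host name and key labels are all constructed for illustration and are not secure.

```python
import hashlib

E = 65537  # public exponent used by both toy CAs

def make_ca(p, q):
    """Return (n, d) for a toy textbook-RSA CA key. Illustration only."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(subject, server_pub, n):
    """Hash the name/key binding that the CA signs, reduced mod n."""
    h = hashlib.sha256(f"{subject}|{server_pub}".encode()).digest()
    return int.from_bytes(h, "big") % n

def issue(subject, server_pub, issuer, ca_n, ca_d):
    """CA signs the binding between a host name and a server public key."""
    sig = pow(digest(subject, server_pub, ca_n), ca_d, ca_n)
    return {"subject": subject, "server_pub": server_pub,
            "issuer": issuer, "sig": sig}

def client_accepts(cert, expected_host, trust_store):
    """Accept only if the name matches and the signature verifies under a CA
    key taken from the client's own trust store, never from the peer."""
    ca_n = trust_store.get(cert["issuer"])
    if ca_n is None or cert["subject"] != expected_host:
        return False
    expected = digest(cert["subject"], cert["server_pub"], ca_n)
    return pow(cert["sig"], E, ca_n) == expected

# Constructed sample data.
HOST, CA_NAME = "shop.example", "Example Root CA"
REAL_N, REAL_D = make_ca(2**89 - 1, 2**107 - 1)    # CA the client trusts
FAKE_N, FAKE_D = make_ca(2**61 - 1, 2**127 - 1)    # look-alike CA, other key

GENUINE = issue(HOST, "server-key-A", CA_NAME, REAL_N, REAL_D)
# Same host name and same issuer name, but signed by the look-alike key.
LOOKALIKE = issue(HOST, "impostor-key-B", CA_NAME, FAKE_N, FAKE_D)

TRUST = {CA_NAME: REAL_N}  # trust anchor held by the client beforehand

def demo():
    return {
        "genuine": client_accepts(GENUINE, HOST, TRUST),
        "lookalike": client_accepts(LOOKALIKE, HOST, TRUST),
        "wrong_host": client_accepts(GENUINE, "other.example", TRUST),
        # If the look-alike key ever lands in the trust store, the check passes.
        "poisoned_store": client_accepts(LOOKALIKE, HOST, {CA_NAME: FAKE_N}),
    }

if __name__ == "__main__":
    print(demo())
```

The last case is the defensive takeaway: the protocol's resistance to interception depends on the integrity of the client's trust store and on the client refusing certificates that fail this check.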

