SSL man-in-the-middle attacks
SSL man-in-the-middle attacks
Posted Dec 27, 2008 19:35 UTC (Sat) by hmh (subscriber, #3838)In reply to: SSL man-in-the-middle attacks by hmh
Parent article: SSL man-in-the-middle attacks
Never mind. This is incorrect. Yes, you disclose information, OCSP wants to be lightweight, so you tell the server just the certificates you're interested in.
That teaches me to re-check my facts before posting...
Posted Dec 28, 2008 2:00 UTC (Sun)
by james-mathiesen (guest, #50470)
[Link]
SSL man-in-the-middle attacks
Thanks for checking. I was hoping I had missed something. :(