Python and SSL
Steve Holden
steve at holdenweb.com
Tue Apr 17 07:23:29 EDT 2007
Paul Rubin wrote:
> "Martin v. Löwis" <martin at v.loewis.de> writes:
>> It means that these modules can do encrypted communication for their
>> respective protocol. They cannot validate that they are really talking
>> to the server they think they talk to (so they are prone to a
>> man-in-the-middle attack), however, as communication is encrypted, they
>> are protected against wire-tapping.
>
> Unless the wiretapper is running a man-in-the-middle attack...
>
That's pretty unreasonable: wiretapping is normally regarded as passive
listening - when the FBI tap your wire do they try and impersonate the
people you are calling? - and Martin already explained that
man-in-the-middle was still a risk.
Why muddy the issue with this "point"?
regards
Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://del.icio.us/steve.holden
Recent Ramblings http://holdenweb.blogspot.com
More information about the Python-list
mailing list