Public Keys and the Web Page.

Ian G Batten I.G.Batten at ftel.co.uk
Mon, 21 Jun 1999 09:41:47 +0100 (BST)


In article <000801bebb1c$3f2f5ea0$966adec2@FortyTwo>,
Brian Gladman <ukcrypto@maillist.ox.ac.uk> wrote:
> This is why I said that this approach relies on the (alleged) owner of the
> page being vigilant.  As you say they not only have to be sure that their

Difficult, though, in these days of transparent proxying.  If I subvert
the infrastructure of an ISP which enforces caching via a transparent
proxy, as I believe Freeserve do, I could serve false keys to all the
users of that ISP.  Given a correctly implemented man in the middle
attack, this could be quite lucrative.  The owner of the page wouldn't
see the change unless they too happened to access it via the subverted
proxy, and it might be possible to hand out the original, legitimate key
in response to queries that come from the legitimate owner.

ian
