[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: login failure on WindowsNT
From: |
Rich Salz |
Subject: |
Re: login failure on WindowsNT |
Date: |
Tue, 17 Oct 2000 14:56:29 -0400 |
> Then cvs:// could mean connect to port 2401 and ask
> what authentication methods are valid. The server would respond with a list
> and
> the client would use whatever it thinks is the most secure to authenticate
> and set
> up an encryption stream.
Oooh, no, you *DON'T* want to do that -- it's a classic "man in the
middle" attack. I can sit between you and the server and force you to
downgrade to a lower security level. Early SSL had this problem.
Designing security protocols is hard. Recommend we stick to one hard
problem (source control) here.
/r$
- Re: login failure on WindowsNT, (continued)
RE: login failure on WindowsNT, John Scott - Outlook, 2000/10/12
Re: login failure on WindowsNT, Derek R. Price, 2000/10/12
Re: login failure on WindowsNT, Derek R. Price, 2000/10/12
Re: login failure on WindowsNT, rsalz, 2000/10/12