Re: login failure on WindowsNT

From: Rich Salz
Subject: Re: login failure on WindowsNT
Date: Tue, 17 Oct 2000 14:56:29 -0400

> Then cvs:// could mean connect to port 2401 and ask
> what authentication methods are valid.  The server would respond with a list
> and the client would use whatever it thinks is the most secure to authenticate
> and set up an encryption stream.

Oooh, no, you *DON'T* want to do that -- it's a classic "man in the
middle" attack.  I can sit between you and the server and force you to
downgrade to a lower security level.  Early SSL had this problem. 
Designing security protocols is hard.  Recommend we stick to one hard
problem (source control) here.
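
The downgrade described in the reply above, as an added example that is not part of the original message: a client that trusts the received method list, next to one that enforces a local floor and checks a MAC over the negotiation transcript. The method names, the `floor` default and the session key are hypothetical; the key is assumed to come from the chosen authentication method and to be unknown to anyone in the path.

```python
import hashlib
import hmac

# Hypothetical method names, weakest to strongest (not real CVS protocol values).
STRENGTH = {"plain": 0, "challenge": 1, "kerberos": 2}
SERVER_OFFER = ["plain", "challenge", "kerberos"]

class DowngradeDetected(Exception):
    pass

def strip_to_weakest(offer):
    # Constructed in-path tampering: only the weakest method survives.
    return [min(offer, key=STRENGTH.get)]

def transcript_mac(key, offer, chosen):
    # MAC over the full offer list plus the selection, keyed with the
    # secret that the chosen authentication method established (assumed).
    msg = "\x00".join(offer + ["->", chosen]).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def naive_negotiate(offer_seen):
    # The quoted proposal: pick the strongest method in whatever list arrived.
    return max(offer_seen, key=STRENGTH.get)

def hardened_negotiate(offer_seen, key, floor="challenge"):
    chosen = max(offer_seen, key=STRENGTH.get)
    # Check 1: local policy floor, independent of anything the network says.
    if STRENGTH[chosen] < STRENGTH[floor]:
        raise DowngradeDetected(f"best offered method {chosen!r} is below floor {floor!r}")
    # Check 2: the server MACs the list it really sent; the client MACs the
    # list it received. Any in-path edit makes the two values differ.
    server_tag = transcript_mac(key, SERVER_OFFER, chosen)
    client_tag = transcript_mac(key, offer_seen, chosen)
    if not hmac.compare_digest(server_tag, client_tag):
        raise DowngradeDetected("offer list was modified in transit")
    return chosen
```

The transcript MAC only helps while the weakest method the client accepts still yields a secret the party in the middle cannot learn, which is why the floor is checked first.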

