Quote:
Originally Posted by ApK
BTW, does anyone know: Can a MitM attack be successfully executed, in the real world, if you check that the server shows a properly issued SSL cert? That is, assuming your browser is not compromised, if you actually check that the cert is issued to the correct domain from a trusted root, is there a legitimate chance of there being a MitM? I'm seriously asking because I'm not that versed in the implementation details of SSL or proxies.
|
I think that if you check the certificate fully, there can't be a MITM, at least, not without compromising the server or the trusted roots.
But I'm by no means an expert.