- Page 1: More Tricks For Defeating SSL In Pra
- Page 7 and 8: Certificate Chaining VeriSign Interme
- Page 9 and 10: What they say: ●●●● Verify th
- Page 11 and 12: VeriSign What if... Intermediate CA Int
- Page 13 and 14: What they say: ●●●● Verify th
- Page 15 and 16: But we just created a valid certifi
- Page 17 and 18: ...is a somewhat obscure field. Moxi
- Page 19 and 20: And then in 2002... ●●● Microso
- Page 21: sslsniff Moxie Marlinspike Institute
- Page 25 and 26: ief Moxie Marlinspike Institute For D
- Page 27 and 28: SSL can be useful, but how it's dep
- Page 29 and 30: In the context of web browsing ● It
- Page 31 and 32: Moxie Marlinspike Institute For Disr
- Page 33 and 34: sslsniff Moxie Marlinspike Institute
- Page 35 and 36: sslstrip ● Watch HTTP traffic go by
- Page 37 and 38: How Does It Look?
- Page 39 and 40: How Does It Look?
- Page 41: the evolution of positive/negative f
- Page 44 and 45: Some sites provide no visible diffe
- Page 46 and 47: Secure Or Stripped?
- Page 48 and 49: Where can we go from here? Moxie Mar
- Page 50 and 51: What's with certificates, anyways? X
- Page 52 and 53: What's with certificates, anyways? X
- Page 54 and 55: What's with certificates, anyways? X
- Page 56 and 57: The Big Three ● Secrecy ● Authent
- Page 58 and 59: SSL Handshake Beginnings X509 Certifi
- Page 60 and 61: Let's start by looking back once mo
- Page 62 and 63: Notaries! Moxie Marlinspike Institute
- Page 64 and 65: Phone Calls! Moxie Marlinspike Instit
- Page 66 and 67: That is a bygone era Moxie Marlinspi
- Page 68 and 69: Moxie Marlinspike Institute For Disr
- Page 70 and 71: PKCS #10 Certificate Request Version Su
- Page 72 and 73: PKCS #10 Certificate Request Version Su
- Page 74 and 75: PKCS #10 Certificate Request Version Su
- Page 76 and 77: PKCS #10 Certificate Request Version Su
- Page 78 and 79: PKCS #10 Certificate Request Version Su
- Page 80 and 81: Subjects Distinguished Name Country Sta
- Page 82 and 83: Subjects Distinguished Name Country Sta
- Page 84 and 85: Subjects Distinguished Name Country Sta
- Page 86 and 87: CN Encoding ● Essentially, the CN f
- Page 88 and 89: PKCS #10 Subject Common Name www.thou
- Page 90 and 91: PKCS #10 Subject Common Name iiiiiiii
- Page 92 and 93: PKCS #10 Certificate Signing Request
- Page 94 and 95: Our Original Scenario Attacker Client
- Page 96 and 97: Our Original Scenario char *destinat
- Page 98 and 99: In memory, though... char *destinati
- Page 100 and 101: What are “most” SSL implementat
- Page 102 and 103: How does it look? Moxie Marlinspike I
- Page 104 and 105: How does it look? Moxie Marlinspike I
- Page 106 and 107: Disadvantages Moxie Marlinspike Insti
- Page 108 and 109: Maybe there's another trick in here
- Page 110 and 111: Moxie Marlinspike Institute For Disr
- Page 112 and 113: Moxie Marlinspike Institute For Disr
- Page 114 and 115: Universal Wildcard *\0.thoughtcrime.
- Page 116 and 117: Other Weird Stuff ● (www.paypal.com
- Page 118 and 119: And... your remote exploit. ● 144
- Page 120 and 121: And... your remote exploit. ● 144
- Page 122 and 123: And... your remote exploit. (AAAAAAA
- Page 124 and 125: And... your remote exploit. (AAAAAAA
- Page 126 and 127: A Second Cut: updated sslsniff sslsn
- Page 128 and 129: What do we have to worry about? 1) C
- Page 130 and 131: What do we have to worry about? 1) C
- Page 132 and 133: Defeating OCSP OCSPResponse ::= SEQU
- Page 134 and 135: Defeating OCSP OCSPResponse ::= SEQU
- Page 136 and 137: Defeating OCSP OCSPResponse ::= SEQU
- Page 138 and 139: Defeating OCSP OCSPResponse ::= SEQU
- Page 140 and 141: Defeating OCSP OCSPResponse ::= SEQU
- Page 142 and 143: PROPOSED STANDARD Network Working Gr
- Page 144 and 145: What do we have to worry about? 2) U
- Page 146 and 147: Firefox/Thunderbird: A Case Study
- Page 148 and 149: Firefox/Thunderbird: A Case Study
- Page 150 and 151: Firefox/Thunderbird: A Case Study
- Page 152 and 153: Postscript: Stripping NULL is no sol
- Page 154 and 155: Postscript: Stripping NULL is no sol
- Page 156: sslsniff and sslstrip: http://www.th