- Page 1: More Tricks For Defeating SSL InPra
- Page 8 and 9: How do we verify these things?Moxie
- Page 10 and 11: Here Be Dragons●●●Very tempti
- Page 12 and 13: VeriSignWhat if...IntermediateCAInt
- Page 14 and 15: Something must be wrong, but...●
- Page 16 and 17: The missing piece...Moxie Marlinspi
- Page 18 and 19: Back In The Day●●●●Most CAs
- Page 20 and 21: sslsniffMoxie MarlinspikeInstitute
- Page 22: sslsniffsslsniff●Intercept a conn
- Page 25 and 26: iefMoxie MarlinspikeInstitute For D
- Page 27 and 28: SSL can be useful, but how it's dep
- Page 29 and 30: In the context of web browsing●It
- Page 31 and 32: Moxie MarlinspikeInstitute For Disr
- Page 33 and 34: sslsniffMoxie MarlinspikeInstitute
- Page 35 and 36: sslstrip●Watch HTTP traffic go by
- Page 37 and 38: How Does It Look?
- Page 39 and 40: How Does It Look?
- Page 41: the evolution of positive/negativef
- Page 44 and 45: Some sites provide no visible diffe
- Page 46 and 47: Secure Or Stripped?
- Page 48 and 49: Where can we go from here?Moxie Mar
- Page 50 and 51: What's with certificates, anyways?X
- Page 52 and 53: What's with certificates, anyways?X
- Page 54 and 55: What's with certificates, anyways?X
- Page 56 and 57: The Big Three● Secrecy● Authent
- Page 58 and 59: SSL Handshake BeginningsX509Certifi
- Page 60 and 61: Let's start by looking back once mo
- Page 62 and 63: Notaries!Moxie MarlinspikeInstitute
- Page 64 and 65: Phone Calls!Moxie MarlinspikeInstit
- Page 66 and 67: That is a bygone eraMoxie Marlinspi
- Page 68 and 69: Moxie MarlinspikeInstitute For Disr
- Page 70 and 71: PKCS #10CertificateRequestVersionSu
- Page 72 and 73: PKCS #10CertificateRequestVersionSu
- Page 74 and 75: PKCS #10CertificateRequestVersionSu
- Page 76 and 77: PKCS #10CertificateRequestVersionSu
- Page 78 and 79: PKCS #10CertificateRequestVersionSu
- Page 80 and 81: SubjectsDistinguishedNameCountrySta
- Page 82 and 83: SubjectsDistinguishedNameCountrySta
- Page 84 and 85: SubjectsDistinguishedNameCountrySta
- Page 86 and 87: CN Encoding●Essentially, the CN f
- Page 88 and 89: PKCS #10 SubjectCommon Namewww.thou
- Page 90 and 91: PKCS #10 SubjectCommon Nameiiiiiiii
- Page 92 and 93: PKCS #10 Certificate SigningRequest
- Page 94 and 95: Our Original ScenarioAttackerClient
- Page 96 and 97: Our Original Scenariochar *destinat
- Page 98 and 99: In memory, though...char *destinati
- Page 100 and 101: What are “most” SSL implementat
- Page 102 and 103: How does it look?Moxie MarlinspikeI
- Page 104 and 105: How does it look?Moxie MarlinspikeI
- Page 106 and 107: DisadvantagesMoxie MarlinspikeInsti
- Page 108 and 109: Maybe there's another trick in here
- Page 110 and 111: Moxie MarlinspikeInstitute For Disr
- Page 112 and 113: Moxie MarlinspikeInstitute For Disr
- Page 114 and 115: Universal Wildcard*\0.thoughtcrime.
- Page 116 and 117: Other Weird Stuff●(www.paypal.com
- Page 118 and 119: And... your remote exploit.● 144
- Page 120 and 121: And... your remote exploit.● 144
- Page 122 and 123: And... your remote exploit.(AAAAAAA
- Page 124 and 125: And... your remote exploit.(AAAAAAA
- Page 126 and 127: A Second Cut: updated sslsniffsslsn
- Page 128 and 129: What do we have to worry about?1) C
- Page 130 and 131: What do we have to worry about?1) C
- Page 132 and 133: Defeating OCSPOCSPResponse ::= SEQU
- Page 134 and 135: Defeating OCSPOCSPResponse ::= SEQU
- Page 136 and 137: Defeating OCSPOCSPResponse ::= SEQU
- Page 138 and 139: Defeating OCSPOCSPResponse ::= SEQU
- Page 140 and 141: Defeating OCSPOCSPResponse ::= SEQU
- Page 142 and 143: PROPOSED STANDARDNetwork Working Gr
- Page 144 and 145: What do we have to worry about?2) U
- Page 146 and 147: Firefox/Thunderbird: A Case Study
- Page 148 and 149: Firefox/Thunderbird: A Case Study
- Page 150 and 151: Firefox/Thunderbird: A Case Study
- Page 152 and 153: Postscript:Stripping NULL is no sol
- Page 154 and 155: Postscript:Stripping NULL is no sol
- Page 156: sslsniff and sslstrip:http://www.th