On Thu, 2014-04-10 at 11:11 -0400, Sean Breheny wrote:
> Thanks for the response, James.
>=20
> I guess I don't understand the purpose of this protocol. I thought (from
> the explanation which I read on one of the sites which discusses this
> exploit) that the purpose of this protocol was simply to deal with system=
s
> which require some continual data exchange to keep the link open.

No.  The purpose of the protocol is to ensure that the system you are
connected to is the system you THINK you are connected to, and ONLY that
system.

A common (and simple) exploit is a "man in the middle" attack, where
another node gets between you and your host and can monitor the flow of
information without you knowing.  SSL is intended to prevent that.

--McD


--=20
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist
.