assurance - Re: [Assurance] can two-factor be hacked ?
Subject: Assurance
List archive
- From: Tom Scavo <>
- To:
- Subject: Re: [Assurance] can two-factor be hacked ?
- Date: Wed, 12 Mar 2014 14:10:59 -0400
On Wed, Mar 12, 2014 at 11:48 AM, Cantor, Scott
<>
wrote:
> On 3/12/14, 11:43 AM, "Tom Scavo"
> <>
> wrote:
>>
>>I don't understand the client cert use case as well as Duo but I
>>suspect it has the same weakness.
>
> It doesn't. There's no MITM attack with TLS client authentication, unless
> the server is mis-handling data it received prior to authentication and
> attaching it to a later connection from the authenticated client.
I must be missing something. If there's mutual authentication (as
Jacob described earlier), then I see how MiTM is avoided, but how does
ordinary TLS client authentication prevent a MiTM from replaying to
the authentic IdP?
Tom
- Re: [Assurance] can two-factor be hacked ?, (continued)
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/10/2014
- RE: [Assurance] can two-factor be hacked ?, Jones, Mark B, 03/10/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/10/2014
- RE: [Assurance] can two-factor be hacked ?, Jones, Mark B, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Farmer, Jacob, 03/11/2014
- RE: [Assurance] can two-factor be hacked ?, Brian Arkills, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Steven Carmody, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Josh Alexander, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, David Walker, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- RE: [Assurance] can two-factor be hacked ?, Brian Arkills, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Farmer, Jacob, 03/11/2014
- RE: [Assurance] can two-factor be hacked ?, Jones, Mark B, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/10/2014
- RE: [Assurance] can two-factor be hacked ?, Jones, Mark B, 03/10/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/10/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- RE: [Assurance] can two-factor be hacked ?, Brian Arkills, 03/11/2014
Archive powered by MHonArc 2.6.16.