assurance - Re: [Assurance] can two-factor be hacked ?
Subject: Assurance
List archive
- From: "Cantor, Scott" <>
- To: "" <>
- Subject: Re: [Assurance] can two-factor be hacked ?
- Date: Wed, 12 Mar 2014 18:21:00 +0000
- Accept-language: en-US
On 3/12/14, 2:10 PM, "Tom Scavo"
<>
wrote:
>
>I must be missing something. If there's mutual authentication (as
>Jacob described earlier), then I see how MiTM is avoided, but how does
>ordinary TLS client authentication prevent a MiTM from replaying to
>the authentic IdP?
There is mutual authentication. A TLS connection with certs on both ends
involves proof of key possession by both endpoints that leads to the
session key(s) used. The only risk is not waiting for that final state of
affairs before sending data, but that's just an application flaw.
-- Scott
- RE: [Assurance] can two-factor be hacked ?, (continued)
- RE: [Assurance] can two-factor be hacked ?, Jones, Mark B, 03/10/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/10/2014
- RE: [Assurance] can two-factor be hacked ?, Jones, Mark B, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Farmer, Jacob, 03/11/2014
- RE: [Assurance] can two-factor be hacked ?, Brian Arkills, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Steven Carmody, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Josh Alexander, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, David Walker, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- RE: [Assurance] can two-factor be hacked ?, Brian Arkills, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Farmer, Jacob, 03/11/2014
- RE: [Assurance] can two-factor be hacked ?, Jones, Mark B, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/10/2014
- RE: [Assurance] can two-factor be hacked ?, Jones, Mark B, 03/10/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- RE: [Assurance] can two-factor be hacked ?, Brian Arkills, 03/11/2014
- RE: [Assurance] can two-factor be hacked ?, Jones, Mark B, 03/11/2014
Archive powered by MHonArc 2.6.16.