*Then again by doing mitm you could maybe poison the cache with a known content ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		icebraining on Sept 23, 2011 \| parent \| context \| favorite \| on: SPDY: What I Like About You Then again by doing mitm you could maybe poison the cache with a known content having the same hash (depends on the complexity of solution of course). That should be almost impossible; I mean, digital signatures (include PGP) are still considered safe, as far as I know.

viraptor on Sept 23, 2011 [–]

What I meant is that if it has to be sent outside of the protected stream, it could be also exchanged with mitm. Unless the hash itself is somehow related to the stream in a visible way. That kind of implementation complexity, rather than the signature/hash complecity.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact