28 Jan
2015
28 Jan
'15
3:35 p.m.
[...]
Unfortunately, MITM is also possible for SSL and SSH ( http://en.wikipedia.org/wiki/Man-in-the-middle_attack#Implementations lists publicly available implementations to execute them!).
To mitigate the attack, basically the only option listed at http://en.wikipedia.org/wiki/Man-in-the-middle_attack#Defenses_against_the_a... that's available to us, hasn't been implemented (yet) by most large parties either (definitely not GitHub or Google): it's the roll-out of DNSSEC.
I suggest you read https://www.imperialviolet.org/2015/01/17/notdane.html before putting your hopes into DNSSEC.
--
Stelian Ionescu a.k.a. fe[nl]ix
Quidquid latine dictum sit, altum videtur.
http://common-lisp.net/project/iolib