Say Alice wants to open up an HTTPS connection to Bob through a proxy named Earl.

What prevents Earl from reading alices request, opening a connection pretending to be bob, and then opening a https connection with bob pretending to be Alice , and snooping on the traffic as it passes through ?

  • nomad@infosec.pub
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    This is a good question, I dont know who would downvote that.

    ELI5: Alice and bob have an aunt that knows them both and has an unfakeable voice recognition service that allows both to verify who they really speak to.