For each paper, you should submit two text files via the Gradescope submission web site, as described below. The submission is due before lecture. (The Gradescope entry code for 6.5660 is 3JZ23X.)
answer.txt
.
question.txt
. You cannot use the question below. To the
extent possible, during lecture we will try to answer these questions. If
you submit your question before midnight the day before lecture, then there
is a chance we will answer by email. Below, we have included the questions
we've received from students in past years (when available), along with
answers to those questions, in case you find it helpful.
Lecture 16
Two simple questions to make you think about this paper: 1) Why does the SSL 3.0 design accept SSL 2.0 connections? It is simpler to only accept SSL 3.0 connections, and it avoids the risk of rollback attacks described in Section 4.6. 2) The second figure of Section 4.3 shows the attack flow for deleting a change-cipher message. The fix requires an additional check. Where in the flow should SSL perform this check?