Indeed, that was precisely the intended result. MitM attacks are possible to detect; passive listening attacks are not.

On Fri, May 6, 2016 at 4:59 AM, Stephane Bortzmeyer <bortzme...@nic.fr> wrote:

> On Wed, May 04, 2016 at 10:13:09PM +0000,
> Adrien de Croy <adr...@qbik.com> wrote
> a message of 316 lines which said:
>
> > TLS was designed to provide data integrity and security, but not in
> > the face of MitM attacks.
>
> You're playing with words here. It all depends if you use TLS in the
> strict sense (just the protocol) or the wider one (with
> authentication; note that authentication is an official part of the
> spec, in section 7 of RFC 5246, it is not delegated to some other
> RFC).
>
> > Google's push for https everywhere has in our experience provided
> > significant incentive for MitM deployment.
>
> It seems an argument straight from the attackers: "we are forced to
> improve our attacks because the users - the bastards, how do they
> dare? - improved their defenses".
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop