
Non-authenticated TLS is trivially vulnerable to MITM attacks.

I don't think a well-implemented TOFU/POP policy would be "trivially vulnerable", but it would still accommodate self-signing. Standardizing this would have been a worthy goal for IETF.




I'd argue that even if it is MITM-vulnerable, it's still very useful, as it makes passive surveillance impossible.



