On 12/07/2017 10:50 PM, Poul-Henning Kamp wrote:
You can't have the latter without the former. Assertion of identity is
the only protection against MITM eavesdropping or tampering.
Or more generally:
If you dont/cant trust the other end, why would you trust them to
keep the communication secret ?
I'm curious as to your take on electronic banking. Should they all
merely use HTTP since HTTPS is hopelessly compromised by design? If your
objection is that HTTPS bring nothing to the security table, then it
really doesn't make a difference where it's used and we should all just
stop using it, no?
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
