I'm not talking about protecting those images-- I'm saying that without integrity *always*, a MITM can always downgrade anything, and you can't tell it was done. -=R On Tue, Nov 19, 2013 at 5:35 PM, Poul-Henning Kamp <phk@phk.freebsd.dk>wrote: > In message < > CAP+FsNdj-Ng02OA8CKT11fiVBp-zYwdYH9v+-ZZ+eCLMyX3w8g@mail.gmail.com> > , Roberto Peon writes: > > >Being able to run a handshake in parallel with whatever else can only > >happen when one doesn't need or want the integrity handshake, which is > >necessary for detecting a malicious filtering MITM (and yes one can never > >*prevent* such, but detection is quite important). > > My impression of the average site needing protection is that they > send me 100k of graphics to wrap around the two protected entry > fields for "username" and "password". > > I dont get the impression that they're particularly worried about > the integrity of the stock-photo of some smiling model or for > that matter the company logo or... > > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > phk@FreeBSD.ORG | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence. >
Received on Wednesday, 20 November 2013 01:40:33 UTC