Re: New Version Notification for draft-snell-httpbis-keynego-01.txt

I'm not talking about protecting those images-- I'm saying that without
integrity *always*, a MITM can always downgrade anything, and you can't
tell it was done.
-=R


On Tue, Nov 19, 2013 at 5:35 PM, Poul-Henning Kamp <phk@phk.freebsd.dk>wrote:

> In message <
> CAP+FsNdj-Ng02OA8CKT11fiVBp-zYwdYH9v+-ZZ+eCLMyX3w8g@mail.gmail.com>
> , Roberto Peon writes:
>
> >Being able to run a handshake in parallel with whatever else can only
> >happen when one doesn't need or want the integrity handshake, which is
> >necessary for detecting a malicious filtering MITM (and yes one can never
> >*prevent* such, but detection is quite important).
>
> My impression of the average site needing protection is that they
> send me 100k of graphics to wrap around the two protected entry
> fields for "username" and "password".
>
> I dont get the impression that they're particularly worried about
> the integrity of the stock-photo of some smiling model or for
> that matter the company logo or...
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
>

Received on Wednesday, 20 November 2013 01:40:33 UTC