|
|
|
|
|
|
by umaguma
3853 days ago
|
|
|
"... because you can trivially MITM someone..." This assumes the user is relying on certificates for authentication. Certificates that are likely tied to domain names. What if the user authenticates by another means? SSH keys, real life meeting and exchange of keys, keys printed on paper and sent in the postal mail, etc. No domain name involved. There are other ways to authenticate an endpoints besides domain names and certificates. It's possible to have encryption without authentication. It's also possible to have each of encryption and authentication handled by a different program. What we have now are programs that try to do both, and may do a very bad job of one at the expense of the other. These programs provide a false sense of "security". The fundamental question: Are domain names easier to MITM than IP addresses? |
|
|