by Dylan16807 2084 days ago
> which means you may as well use TLS

Even if you don't authenticate at all, it makes it much more expensive to intercept all these connections.

And TLS lacks a way to automatically apply it to all connections.

Also I don't understand what scenario you're outlining with B.


Client <-> Evil Middlebox <-> Real Web Server

Client establishes a tcpcrypt session with what it thinks is Real Web Server but is actually Evil Middlebox replaying the request to the server and the response back to the client.
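
The relay scenario above, modelled in code as an added example (it is not code from the HN thread, from tcpcrypt or from any TLS library). The key exchange is a toy Diffie-Hellman over a deliberately small, insecure group, and the "session ID" is simply a hash of the handshake transcript and shared secret; those are assumptions chosen to keep the script dependency-free, not tcpcrypt's actual wire format. What the model shows is the point the thread is making: with an unauthenticated exchange the client and the real server each complete a "successful" encrypted session, yet they hold different keys and different session IDs, the middlebox decrypts and re-encrypts every byte, and only an authenticated comparison of the two ends' session IDs (or a server signature over the transcript, which is what TLS certificates give you) exposes it. A purely passive eavesdropper, by contrast, still sees only ciphertext.

```python
"""Toy model: unauthenticated key exchange, direct vs. relayed by a middlebox.

Added example, not from the original post or the tcpcrypt project.
The DH group below is an illustrative toy (assumption), not a real group.
"""
import hashlib
import hmac
import secrets

P = (1 << 127) - 1   # Mersenne prime M127; toy modulus, far too small for real use
G = 3                # toy generator (assumption: fine for demonstration only)


def dh_keypair():
    """Return (private exponent, public value) for the toy DH group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def session_id(client_pub, server_pub, shared):
    """Hash of (ordered transcript, shared secret): both ends should agree on it.

    Stand-in for a tcpcrypt-style session ID exposed to the application
    so the two ends can compare it over an authenticated channel.
    """
    h = hashlib.sha256()
    for v in (client_pub, server_pub, shared):
        h.update(v.to_bytes(16, "big"))
    return h.hexdigest()[:16]


def xor_stream(key, data):
    """Toy symmetric cipher: SHA-256 counter keystream XORed onto data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class Endpoint:
    def __init__(self, name):
        self.name = name
        self.priv, self.pub = dh_keypair()
        self.key = None
        self.sid = None

    def finish(self, peer_pub, as_client):
        """Complete the exchange with whatever public value arrived on the wire."""
        shared = pow(peer_pub, self.priv, P)
        order = (self.pub, peer_pub) if as_client else (peer_pub, self.pub)
        self.sid = session_id(*order, shared)
        self.key = hashlib.sha256(b"key" + shared.to_bytes(16, "big")).digest()


def direct_handshake():
    """Client talks straight to the real server."""
    c, s = Endpoint("client"), Endpoint("server")
    c.finish(s.pub, as_client=True)
    s.finish(c.pub, as_client=False)
    return c, s


def relayed_handshake():
    """Client <-> Evil Middlebox <-> Real Web Server: two independent sessions."""
    c, s = Endpoint("client"), Endpoint("server")
    mb_c = Endpoint("middlebox, client side")   # middlebox's keypair toward client
    mb_s = Endpoint("middlebox, server side")   # middlebox's keypair toward server
    c.finish(mb_c.pub, as_client=True)           # client believes this is the server
    mb_c.finish(c.pub, as_client=False)
    mb_s.finish(s.pub, as_client=True)           # server believes this is the client
    s.finish(mb_s.pub, as_client=False)
    return c, s, mb_c, mb_s


def session_ids_match(c, s):
    """The authenticated check that detects the relay; constant-time compare."""
    return hmac.compare_digest(c.sid, s.sid)


def middlebox_can_read(c, s, mb_c, mb_s, request=b"GET /secret"):
    """Relay one request: returns (what the middlebox saw, what the server got)."""
    on_wire = xor_stream(c.key, request)
    seen = xor_stream(mb_c.key, on_wire)          # decrypt with client-side key
    reencrypted = xor_stream(mb_s.key, seen)      # re-encrypt toward the server
    return seen, xor_stream(s.key, reencrypted)


def passive_eavesdropper_sees(c, request=b"GET /secret"):
    """A sniffer without an active relay only ever gets ciphertext."""
    return xor_stream(c.key, request)


if __name__ == "__main__":
    c, s = direct_handshake()
    print("direct   : session IDs match =", session_ids_match(c, s))
    c, s, mb_c, mb_s = relayed_handshake()
    seen, delivered = middlebox_can_read(c, s, mb_c, mb_s)
    print("relayed  : session IDs match =", session_ids_match(c, s))
    print("middlebox read:", seen, "| server received:", delivered)
    print("passive sniffer sees:", passive_eavesdropper_sees(c).hex())
```

Both handshakes "succeed" from each endpoint's own point of view, which is why getting an encrypted connection on either side proves nothing by itself; the detection lives entirely in `session_ids_match`, and that comparison only helps if it runs over a channel the middlebox cannot also rewrite.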

Oh so A and B are describing the same scenario, okay.
Yeah, I'm not sure what the parent was getting at separating them out since from the client's perspective they're the same. I guess they mean that getting a tcpcrypt connection on your server isn't a guarantee that there isn't a middlebox either.
They were alternative ways to prevent a MITM, but both are already solved by existing TLS.