by thayne
1951 days ago
HTTPS without certificate verification still leaves you vulnerable to MITM, as long as the attacker can intercept, and manipulate, the session negotiation. However, I do think there is value in a trust-on-first-use (TOFU) model for trusting self-signed certificates. The biggest challenge is how to educate users on when it would be appropriate to accept the risks of TOFU.
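A minimal sketch of the TOFU check mentioned in the comment above, added here as an illustration and not taken from the comment or from any project: the `TofuStore` class, the `PinMismatch` exception, the host name and the certificate bytes are all hypothetical, constructed for this example.

```python
import hashlib
import hmac
import json
from pathlib import Path


class PinMismatch(Exception):
    """The presented certificate differs from the one pinned on first use."""


class TofuStore:
    """Hypothetical pin store: "host:port" -> SHA-256 of the DER certificate."""

    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    def check(self, host, port, der_cert):
        key = f"{host}:{port}"
        seen = hashlib.sha256(der_cert).hexdigest()
        pinned = self.pins.get(key)
        if pinned is None:
            # First use: there is nothing to compare against, so whoever
            # answers this connection is the party that gets pinned.
            self.pins[key] = seen
            self.path.write_text(json.dumps(self.pins, indent=2))
            return "pinned"
        if not hmac.compare_digest(pinned, seen):
            # Fail closed: a changed certificate must be confirmed out of band.
            raise PinMismatch(f"{key}: certificate changed since first use")
        return "match"


def demo(store_path):
    # Constructed byte strings stand in for DER-encoded certificates.
    server_cert = b"constructed-self-signed-cert-A"
    other_cert = b"constructed-self-signed-cert-B"
    store = TofuStore(store_path)
    results = [store.check("example.internal", 443, server_cert)]
    # A fresh process reloads the pin from disk and sees the same certificate.
    results.append(TofuStore(store_path).check("example.internal", 443, server_cert))
    try:
        store.check("example.internal", 443, other_cert)
    except PinMismatch:
        results.append("mismatch")
    return results
```

With a live connection, the bytes passed to `check` would be what `ssl.SSLSocket.getpeercert(binary_form=True)` returns on a socket opened with verification disabled.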