by donaldstufft 1115 days ago
It is true that an unverified TLS session does prevent passive attacks, but it does not protect against "active" attacks. The general consensus is that it's not a useful property to differentiate passive from active here, since every passive attack can be upgraded to work as an active attack, on top of the fact that explaining the subtle differences to people is extremely difficult (and since they can be upgraded to active attacks, not worth it).