|
|
|
|
|
|
by jvdongen
5161 days ago
|
|
|
I now see your 'PS' (perhaps added while I was adding my comment?) - however I cannot follow the argument you make. IF you assume that MITM-attacks are rare, you probably also assume that traffic snooping is rare (which is after all a form of a MITM-attack). If that's the case, why use encrypted communication channels at all? Security is never perfect - it always is about adding layer upon layer to make the bar high enough that the remaining number of adversaries becomes more manageable. Spoofing a site that is not using SSL is trivial. Using SSL with public CA signed certificates significantly raises the bar. Not to the 'perfect' level, but enough to make a real difference. Not checking the server certificate throws you back to the 'trivial' level. |
|
|
"IF you assume that MITM-attacks are rare, you probably also assume that traffic snooping is rare (which is after all a form of a MITM-attack)"
Well, no! You can snoop traffic without being the MITM (WiFi, local network snooping, etc). Snooping is much more easier.
As you said, security is never perfect, and 'security implementers' less so.
If the other part of the communication uses a self signed certificate (or signed by "Bob's SSL") well, I can try to convince them to change, but it will be hard.
Sure, I'll never accept a self signed key from my bank or e-commerce, but there are several other uses.
And when using APIs to connect to https you should be able to tell it to ignore the certificate, it doesn't matter, way more often than the opposite, unless you don't trust your ISP.