|
|
|
|
|
|
by pdkl95
4608 days ago
|
|
|
No, it's not worthless. It /raises the cost/ of an attack, by forcing an adversary to implement a more complicated, expensive MitM attack, instead of simply using passive eavesdropping/packet-sniffing. And to those bringing up the tired, old rebuttal of this providing "worse" security due to a false sense of protection: that's only relevant if the browser is written idiotically and suggests this is in some way the same security as the fully-authenticated version. They should not be showing a "closed padlock" and changing the address bar color for self-signed SSL! |
|
|