|
|
|
|
|
|
by adamtj
4017 days ago
|
|
|
A MITM can easily spoof IP addresses. You can't trust unsigned data, and IP address headers aren't signed. You also can't trust signed data if you don't trust the signature. That's the real problem here. This whole protocol is an attempt to establish trust, but it's based only on temporary control of a server's network traffic. Probably that's the legitimate owner of the domain, but maybe it's somebody malicious who merely had access to their network for a time. You can't really be sure. |
|
|