Comment by marcosdumay
3 years ago
Given that the attack subverted the TLS certificates, I'd say key-based TOFU is still a better alternative.
Of course, checking the server key is better than not doing so, but any knee-jerk response to TOFU will probably make your security worse.
No comments yet
Contribute on Hacker News ↗