If you don't verify what is sent, I could easily send you a malicious web form. If you don't verify the key or cert behind the connection, anyone can claim to be x site.
Stopping snooping by encrypting without strictly checking certificates the first time you connect is better than not using encryption because it stops dragnet surveillance.
Also, active attacks (like MITM) are harder to do and easier to detect than passive attacks (snooping).
It doesn't prevent snooping -- you can still be MITM'd. It does, however, make snooping much harder because it has to be done actively.
That would make dragnet surveillance easier. Just MITM everything and you'll be the Trusted Source™ for all traffic.