On 2021-12-06 17:57, Mateusz Viste wrote:
On 06/12/2021 16:48, wzk@quietsche-entchen.de wrote:
of course the reason for TLS is (to state the obvious) that someone in between might read or even modify the data the client gets. If we assume a man-in-the-middle then the TLS option would be taken out of the CAPS response, which is why this may not work reliably.
If you assume a MITM, then the attacker can just as easily answer in place of the target server and cut out whatever he wants (incl. TLS support in the first place, or replace it with his own TLS certificate). In such context, the "opportunistic TLS" scenario doesn't make sense anyway.
Mateusz
Now that I think about it, I see you're right. Thank you.
Regards, Wolfgang