Re: Gopher over TLS
On 06/12/2021 16:48, wzk@quietsche-entchen.de wrote:
of course the reason for TLS is (to state the obvious) that someone in
between might read or even modify the data the client gets. If we assume
a man-in-the-middle then the TLS option would be taken out of the CAPS
response, which is why this may not work reliably.
If you assume a MITM, then the attacker can just as easily answer in
place of the target server and cut out whatever he wants (incl. TLS
support in the first place, or replace it with his own TLS certificate).
In such context, the "opportunistic TLS" scenario doesn't make sense anyway.
Mateusz
Reply to: