📅 Original date posted:2014-08-08
📝 Original message:>
> Certificate validation isn't needed unless the attacker can do a direct
> MITM
> at connection time, which is a lot harder to maintain than injecting a
> client.reconnect.
>
Surely the TCP connection will be reset once the route reconfiguration is
completed, either by the MITM server or by the client TCP stack when it
discovers the server doesn't know about the connection anymore?
TLS without cert validation defeats the point, you can still be connected
to a MITM at any point by anyone who can simply interrupt or corrupt the
stream, forcing a reconnect.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140808/e7ec4558/attachment.html>;
Mike Hearn [ARCHIVE] /
npub17t…4qgyd
2023-06-07 17:24:59
in reply to nevent1q…pv50
Author Public Key
npub17ty4mumkv43w8wtt0xsz2jypck0gvw0j8xrcg6tpea25z2nh7meqf4qgydPublished at
2023-06-07 17:24:59Event JSON
{
"id": "d55360ba36df0e52337648640d342bbe7badda9c01d48fe714274e8c4dc05365",
"pubkey": "f2c95df3766562e3b96b79a0254881c59e8639f23987846961cf55412a77f6f2",
"created_at": 1686151499,
"kind": 1,
"tags": [
[
"e",
"6cef07af0faac9707f80f8840d2c81c59eb26cce03afa7fdc1332a0b02a13efb",
"",
"root"
],
[
"e",
"3742459c03ce90270fa150f24771818b8e688d421198053ab033059deb4a728c",
"",
"reply"
],
[
"p",
"5a6d1f44482b67b5b0d30cc1e829b66a251f0dc99448377dbe3c5e0faf6c3803"
]
],
"content": "📅 Original date posted:2014-08-08\n📝 Original message:\u003e\n\u003e Certificate validation isn't needed unless the attacker can do a direct\n\u003e MITM\n\u003e at connection time, which is a lot harder to maintain than injecting a\n\u003e client.reconnect.\n\u003e\n\nSurely the TCP connection will be reset once the route reconfiguration is\ncompleted, either by the MITM server or by the client TCP stack when it\ndiscovers the server doesn't know about the connection anymore?\n\nTLS without cert validation defeats the point, you can still be connected\nto a MITM at any point by anyone who can simply interrupt or corrupt the\nstream, forcing a reconnect.\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140808/e7ec4558/attachment.html\u003e",
"sig": "99f1f440d2973f059b60ac280d52196365b0dcbeff1ef2494fdcd6730252742227f871099d868eb311293fe264ec64e9f1f413c82daeb06e32fa25555a1a9637"
}