Comment by bandrami
1 year ago
It's like the larger holy war against self-signed certificates in TLS. They are strictly better than plaintext but there is software that will prefer a plaintext connection to self-signed TLS.
Unverifiable security is not "strictly better" than plaintext.
It is. In both cases you may be MiTMed, but with plaintext that MiTM session may also be eavesdropped upon.
This isn't really debatable. Unverified sig simply is strictly better.
In both cases you can be eavesdropped upon. It really isn't debatable indeed, unverifiable security is not security.