Nope. An unverified TLS session still cannot be examined by a third party. You know you are communicating with exactly one party, even if you don't know who that is.
Your attacker may share the data with a third party, but that's true of verified connections too.
It is. In both cases you may be MiTMed, but with plaintext that MiTM session may also be eavesdropped upon.
This isn't really debateable. Unverified sig simply is strictly better.
In both cases you can be eavesdropped upon. It really isn't debatable indeed, unverifiable security is not security.
Nope. An unverified TLS session still cannot be examined by a third party. You know you are communicating with exactly one party, even if you don't know who that is.
Your attacker may share the data with a third party, but that's true of verified connections too.
22 replies →