>
> Certificate validation isn't needed unless the attacker can do a direct
> MITM
> at connection time, which is a lot harder to maintain than injecting a
> client.reconnect.
>
Surely the TCP connection will be reset once the route reconfiguration is
completed, either by the MITM server or by the client TCP stack when it
discovers the server doesn't know about the connection anymore?
TLS without cert validation defeats the point, you can still be connected
to a MITM at any point by anyone who can simply interrupt or corrupt the
stream, forcing a reconnect.
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
