Reply to post: Re: lesser threat

TLS proxies? Nah. Truthfully Less Secure 'n' poxy, say Canadian infosec researchers


Re: lesser threat

> provide a warning, and a way for the user to continue past the warning if they deem the risk is acceptable, or if they just don't care.

we had this kind of behaviour in browsers, it is exactly the reason why BEAST was exploitable

and showing HTML error that the user can click through is way, way too late – the authentication cookies were already sent over the insecure channel

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022