Without authenticators such as shared secrets or public keys, it is
obvious that SSL or TLS does nothing against a classic
man-in-the-middle
attack.
If you read the damn spec you will realise that it is obvious that
it supports that use. I fact I don't believe SSL supports any other
use whatsoever.
So your statement being vulnerable against a man in the middle
attack would be pure unadulterated B/S.
As is the rest of your message.
Go read Bruce Schnier's Secrets and Lies. It took a long time before
he understood that security was a matter of risk control rather than
risk elimination.
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg