Hacker News new | past | comments | ask | show | jobs | submit login

Wireshark is OSS, any problems?



That does not mean you can verify that the encrypted content contains what is shown to you and only that. Let's not pretend that it does.


And how do you know some nefarious hacker didn't mess with your far easier to mess with unencrypted stream?


It's much easier to inspect at multiple points, and I know what to expect coming down the pipe.

There are multiple threat models, and having different options helps in different situations.

It's also not realistic for me to try to figure out what's going on inside an SSL or TLS library.

I'm OK with TLS being the default, but I believe in always providing a plaintext option.

TLS also introduces compatibility and accessibility issues. With regards to GPC specifically, requiring TLS cuts off access for a huge population of about 20 years' worth of older devices which work fine otherwise.

There are many, many situations where plaintext ability has allowed me to access my own resource where requiring TLS would have caused it to fail, and I'm certain there are many more which I cannot even anticipate ahead of time.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: