On Fri, 30 Nov 2007, paranoid paranoia wrote:

>> I assume Dan meant that if the _server_ requested anonymous and the client
>> would agree to that, it would be an easy way for a middle-man to sneak in a
>> server.
>
> Hmm, interesting... you seem to be implying that there's a difference, and
> I simply cannot fathom why.

It would depend on how intentional the user's decision is and how informed he
is in how these things work. Given how hard people think SSL already is as it
works by default, I can imagine that knowledge of the details and specifics of
using ADH is very rare.

I guess others agree with this, since for example OpenSSL comes with ADH
disabled by default, the TLS standard mentions ADH as deprecated and RFC3268
(AES for TLS) specicly mentions several "special care must be taken" if ADH is
used and also mentions that it is vulnerable to man-in-the-middle attacks.

Not to mention that curl has supported SSL for a large number of years and
nobody ever reported this as a problem yet... Not even you do, you just come
up with a possible scenario that some user might experience.

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html