Bram Cohen writes:
In the vast majority of cases, preventing man in the middle attacks is a waste of time.
In the sense that, in the vast majority of communications, there is no man in the middle attack being mounted? Couldn't the same thing be said of cryptography, since in the vast majority of cases there is no eavesdropping? The point in both cases is that if you construct a protocol which has weaknesses, eventually people may begin to exploit them. Building a supposedly secure crypto protocol which is weak against a man in the middle attack is an invitation to trouble. If you had reason to use cryptography in the first place, you have reason to fear a man in the middle attack. Designing against that threat is not a waste of time, it is insurance against future troubles. Ob