what gives you the suggestion that the user agent or the httpd server would notice any modification of plaintext bytes in transit through a router or other network intermediate?
Isn't this authentication is for?

--

With Best Regards,
Marat Khalili

On 08/12/15 08:54, William A Rowe Jr wrote:

On Dec 7, 2015 11:36 PM, "Marat Khalili" <mkh@rqc.ru> wrote:
>>
>> Everything *after* that handshake, in cleartext, is open for inspection or for manipulation
>
> Are you sure about the manipulation part? Why do you think encryption helps here then?

To turn the question around, what gives you the suggestion that the user agent or the httpd server would notice any modification of plaintext bytes in transit through a router or other network intermediate?