Oh, shit, was that the PalmPilot? That would explain a lot.
You're right, the fallback to cleartext is definitely worse, making you vulnerable to a passive MITM, where the SSLv3 or javascript methods would only be vulnerable to an active MITM. I could see maybe throwing in a noscript section that tells you the password will be sent in cleartext.
no subject
You're right, the fallback to cleartext is definitely worse, making you vulnerable to a passive MITM, where the SSLv3 or javascript methods would only be vulnerable to an active MITM. I could see maybe throwing in a noscript section that tells you the password will be sent in cleartext.