I think that's it in a nutshell. When we talk at the level of the design of protocols, we generally concede everything we can reasonably concede to the attacker, and then design against that well-armed attacker. Denying attackers the ability to redirect or inject traffic ties their hands behind their back.
There's really no such thing as an "purely passive" attacker. Since the 1990s, probably starting with the deployment of switched ethernet, active attacks have gotten steadily easier and more popular, and passive attacks less so.
The frustrating thing here is, we are so close to having this problem licked, but so many smart people are spending time concentrating on problems we don't have. What we need to do is to come up with a credible replacement for the Mozilla/Microsoft/Google-controlled CA system. It's probably no harder to solve that problem than it is to push adoption of weak unauthenticated protocols.
There's really no such thing as an "purely passive" attacker. Since the 1990s, probably starting with the deployment of switched ethernet, active attacks have gotten steadily easier and more popular, and passive attacks less so.
The frustrating thing here is, we are so close to having this problem licked, but so many smart people are spending time concentrating on problems we don't have. What we need to do is to come up with a credible replacement for the Mozilla/Microsoft/Google-controlled CA system. It's probably no harder to solve that problem than it is to push adoption of weak unauthenticated protocols.