The TLS termination point deserves more attention than it usually gets. Enterprise environments running SSL inspection proxies — essentially every large organization — mean TLS is terminated and re-established at the corporate boundary. "It's encrypted in transit" stops meaning what most developers assume in those deployments. SRP sidesteps this at the protocol level: even a fully transparent MITM sees only the handshake, and the password is never present in the handshake. The mutual authentication property is also underemphasized — not just the client proving knowledge to the server, but the server proving it holds the correct verifier, which eliminates a class of phishing attacks against the auth flow itself.
For teams extending this zero-knowledge thinking beyond authentication: the same concern about persistent exposure applies to registration email addresses. A service like uncorreotemporal.com covers the inbox side — temporary addresses that handle email verification without creating a permanent identity link — which pairs naturally with the authentication-layer protections you've described here.
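To make the two properties in the comment above concrete (the password never appears on the wire, and the server must prove it holds the right verifier before the client accepts), here is an added SRP-6a exchange with both client and server in one file. It is example code written for this page, not code from the post's author or from any SRP library. It uses the 1024-bit group and generator 2 from RFC 5054 Appendix A (transcribed here, verify against the RFC before relying on it), SHA-256 for the hash, and the simplified proof messages M1 = H(A, B, K) and M2 = H(A, M1, K) rather than the full form in RFC 2945; the `run_handshake` helper, the `wire` transcript and the usernames and passwords are constructed for the demonstration.

```python
"""Minimal SRP-6a handshake, client and server side by side (educational example)."""
import hashlib
import secrets

# 1024-bit safe-prime group from RFC 5054 Appendix A, generator g = 2.
# Transcribed for this example; check it against the RFC before any real use.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3"
    "383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D49"
    "82559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B"
    "9FC61D2FC0EB06E3", 16)
g = 2
NLEN = (N.bit_length() + 7) // 8


def pad(n: int) -> bytes:
    """Fixed-width big-endian encoding so hashes are unambiguous."""
    return n.to_bytes(NLEN, "big")


def H(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


k = H(pad(N), pad(g))  # SRP-6a multiplier parameter


def private_key_x(salt: bytes, username: str, password: str) -> int:
    inner = hashlib.sha256(f"{username}:{password}".encode()).digest()
    return H(salt, inner)


def register(username: str, password: str):
    """Enrolment: the server stores (salt, verifier v = g^x); the password itself is never stored."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_key_x(salt, username, password), N)


class Client:
    def __init__(self, username: str, password: str):
        self.I, self.P = username, password
        self.a = secrets.randbelow(N - 2) + 1
        self.A = pow(g, self.a, N)

    def start(self):
        return self.I, self.A                       # message 1: identity and public ephemeral A

    def respond(self, salt: bytes, B: int) -> int:
        if B % N == 0:
            raise ValueError("server sent a degenerate B")
        u = H(pad(self.A), pad(B))
        if u == 0:
            raise ValueError("degenerate scrambling parameter")
        x = private_key_x(salt, self.I, self.P)
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)
        self.K = hashlib.sha256(pad(S)).digest()
        self.M1 = H(pad(self.A), pad(B), self.K)   # message 3: client proof (simplified form)
        return self.M1

    def verify_server(self, M2: int) -> bool:
        # Only a server that derived the same K, i.e. one holding the real verifier, can produce this.
        return M2 == H(pad(self.A), pad(self.M1), self.K)


class Server:
    def __init__(self, store: dict):
        self.store = store                          # username -> (salt, verifier)

    def challenge(self, I: str, A: int):
        if A % N == 0:
            raise ValueError("client sent a degenerate A")
        salt, self.v = self.store[I]
        self.A = A
        self.b = secrets.randbelow(N - 2) + 1
        self.B = (k * self.v + pow(g, self.b, N)) % N
        return salt, self.B                         # message 2: salt and public ephemeral B

    def verify_client(self, M1: int):
        u = H(pad(self.A), pad(self.B))
        S = pow((self.A * pow(self.v, u, N)) % N, self.b, N)
        K = hashlib.sha256(pad(S)).digest()
        if M1 != H(pad(self.A), pad(self.B), K):
            return None                             # wrong password: no M2 is ever sent
        return H(pad(self.A), pad(M1), K)           # message 4: server proof


def run_handshake(store: dict, username: str, password: str):
    """Drive one exchange; returns (server_accepted, client_accepted, bytes_seen_on_wire)."""
    client, server = Client(username, password), Server(store)
    wire = []
    I, A = client.start();            wire += [I.encode(), pad(A)]
    salt, B = server.challenge(I, A); wire += [salt, pad(B)]
    M1 = client.respond(salt, B);     wire.append(pad(M1))
    M2 = server.verify_client(M1)
    if M2 is None:
        return False, False, b"".join(wire)
    wire.append(pad(M2))
    return True, client.verify_server(M2), b"".join(wire)


if __name__ == "__main__":
    salt, v = register("alice", "correct horse battery staple")
    ok_srv, ok_cli, wire = run_handshake({"alice": (salt, v)}, "alice", "correct horse battery staple")
    print("server accepted:", ok_srv, "client accepted:", ok_cli,
          "password on wire:", b"correct horse" in wire)
```

The `wire` transcript is what an inspecting proxy would see: identity, salt, two group elements and two hashes, with no password-derived value that can be checked offline without the verifier. The third scenario worth running is a look-alike server that enrolled its own guess of the password: it cannot compute the client's K, so its M2 fails `verify_server` and the client learns it is not talking to the real service before anything else happens.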