On Wed, Jul 29, 2020 at 5:36 PM Eric Rescorla <[email protected]> wrote: > I'm by no means denying the fact that MITM boxen >> are deployed, but the idea that some of them are >> "conformant" and some are not seems bogus. >> > > Well, they are either conformant with the text of 8446 S 9.3 or they are > not (and just to be clear, being conformant with 9.3 does not make them > good for the reason indicated above). >
This argument doesn't seem baseless, but I think these MITM documents also presume IETF consensus on the current PKI system, and I am not sure that has ever been tested. thanks, Rob
_______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
