|
-------- Original Message --------
On 12/07/2013 05:14 AM, Stephen
Farrell wrote:
The lack of confidentiality lets the adversary win the race unless you assume 100% coverage of authenticated JS and 100% validation of that and that there are no diginotar like entities involved in the currently non-existent JS authentication infrastructure.Well, we do have some HTTP uses where encryption that hides the content won't be allowed, and thus authentication is important. We can't have encryption when we use HTTP over Amateur Radio in the US and many other countries. There is self-policing on ham frequencies that requires that people be able to copy other people's transmissions, and encryption defeats that. Obviously we don't put confidential data on those frequencies, that belongs on your cell phone. So, an authentication-only WiFi protocol is needed for Amateur Radio, and possibly an authentication-only version of TLS. Even when authentication is not available end-to-end, we gain something by inserting it at the radio gateway. There are also some situations involving legal minors or prisoners where there should be monitoring. So an authentication-only protocol is interesting for that too. Thanks Bruce |
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
