Keith Moore <[email protected]> wrote:
> I strongly doubt that this is appropriate advice for all (or even most)
> applications or protocols. In particular, if there's some reason to believe
> that a server intended to provide a verifiable cert, if that cert is in fact
> not verifiable, this is an error condition that shouldn't (inherently) be
> masked by silently treating the connection as if it were cleartext.
If you have "some reason", then you must have pre-configuration of a
bilateral nature. That clue can certainly be automatic, such as coming
from a DNS(SEC) DANE certificate of the right type, or an application
asserting some kind of channel binding.
> Yes, it's more work and expense for a site to maintain valid CA-signed
> certs.
That is no longer the only option.
> cleartext operation, and so little affinity between clients and servers,
> that it will be very difficult to do better than OE.
I really think it's important that people not think of OE as a step towards
something else.
If plaintext is unacceptable, then it's not OE: it's DANE signaled
SMTP(STARTTLS), or ...
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
