On 03/24/2014 11:44 AM, Michael Richardson wrote:
Keith Moore <[email protected]> wrote:
> I strongly doubt that this is appropriate advice for all (or even most)
> applications or protocols. In particular, if there's some reason to believe
> that a server intended to provide a verifiable cert, if that cert is in fact
> not verifiable, this is an error condition that shouldn't (inherently) be
> masked by silently treating the connection as if it were cleartext.
If you have "some reason", then you must have pre-configuration of a
bilateral nature. That clue can certainly be automatic; such as coming
from a DNS(SEC) DANE certificate of the right type, or an application
asserting some kind of channel binding.
DANE isn't "pre-configuration of a bilateral nature" and no, "some
reason" isn't limited to such pre-configuration.
> Yes, it's more work and expense for a site to maintain valid CA-signed certs.
That is no longer the only option.
I didn't say it was.
> cleartext operation, and so little affinity between clients and servers, that
> it will be very difficult to do better than OE.
I really think it's important that people not think of OE as a step towards
something else.
I think it's silly to artificially limit the applicability of OE. We
have few enough tools already without deliberately hampering our ability
to use them.
Keith