Integrity protection text:
This document assumes that data integrity protection is always
one of
the goals of a deployment. In cases when integrity is not required,
it does not make sense to employ TLS in the first place. There are
attacks against confidentiality-only protection that utilize the
lack
of integrity to also break confidentiality (see e.g.
[DegabrieleP07]
in the context of IPsec).
It is not clear whether this is talking about integrity via
authenticated key exchange? Or integrity protection of the data
stream via HMAC, AEAD, ...? If the former, then there is once again
a conflict with keeping opportunistic TLS in scope.
I think we're talking about integrity protection of the data stream, but
I will check that with my co-authors.
Yes, this is why we talk about *data* integrity protection on the first
line.
Thanks,
Yaron
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
