< Previous by Date Date Index Next by Date >
< Previous in Thread Thread Index Next in Thread >

Re: [reSIProcate] [reSIProcate-commit] resiprocate 7084 nash: Security.cxx/hxx:


It is easy to create certs/CA's/etc in a test lab where you control
DNS.  TFM could be tweaked to provide similar capabilities.

Changing the security code to allow insecure communications is a bad
idea; it opens the door to new security problems and would give anyone
reviewing the code for security correctness fits.

I think we should revert this.

-Derek

On 4/20/07, Nash Tsai <nash.teltel@xxxxxxxxx> wrote:
It allows you the flexibility of not doing server authentication
check, probably useful for debugging environment.


Nash

On 4/19/07, Jason Fischl <jason@xxxxxxxxxxxxxxx> wrote:
> On 4/19/07, svn@xxxxxxxxxxxxxxx <svn@xxxxxxxxxxxxxxx> wrote:
> >
> > Projectresiprocate
> > New Revision7084
> > Committernash (Nash Tsai)
> > Date2007-04-19 03:50:33 -0500 (Thu, 19 Apr 2007)
> > Log  Security.cxx/hxx:
> >   allow to disable server authentication
> >
> Why is this ever a good idea? In what cases is TLS doable without
> doing server authentication? I don't think this is a good interface or
> capability to add.
>
_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxxxxxxx
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel