Re: [reSIProcate] [reSIProcate-commit] resiprocate 7084 nash: Security.cxx/hxx:
It is easy to create certs/CA's/etc in a test lab where you control
DNS. TFM could be tweaked to provide similar capabilities.
Changing the security code to allow insecure communications is a bad
idea; it opens the door to new security problems and would give anyone
reviewing the code for security correctness fits.
I think we should revert this.
-Derek
On 4/20/07, Nash Tsai <nash.teltel@xxxxxxxxx> wrote:
It allows you the flexibility of not doing server authentication
check, probably useful for debugging environment.
Nash
On 4/19/07, Jason Fischl <jason@xxxxxxxxxxxxxxx> wrote:
> On 4/19/07, svn@xxxxxxxxxxxxxxx <svn@xxxxxxxxxxxxxxx> wrote:
> >
> > Projectresiprocate
> > New Revision7084
> > Committernash (Nash Tsai)
> > Date2007-04-19 03:50:33 -0500 (Thu, 19 Apr 2007)
> > Log Security.cxx/hxx:
> > allow to disable server authentication
> >
> Why is this ever a good idea? In what cases is TLS doable without
> doing server authentication? I don't think this is a good interface or
> capability to add.
>
_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxxxxxxx
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel