< Previous by Date Date Index Next by Date >
< Previous in Thread Thread Index Next in Thread >

Re: [reSIProcate] [reSIProcate-commit] resiprocate 7084 nash: Security.cxx/hxx:


I don't think we should do this. It provides too much opportunity for
a production system to have all of its security disabled. If this is
needed, it should be provided on a branch.

On 4/20/07, Derek MacDonald <derek@xxxxxxxxxxxxxxx> wrote:
It is easy to create certs/CA's/etc in a test lab where you control
DNS.  TFM could be tweaked to provide similar capabilities.

Changing the security code to allow insecure communications is a bad
idea; it opens the door to new security problems and would give anyone
reviewing the code for security correctness fits.

I think we should revert this.

-Derek

On 4/20/07, Nash Tsai <nash.teltel@xxxxxxxxx> wrote:
> It allows you the flexibility of not doing server authentication
> check, probably useful for debugging environment.
>
>
> Nash
>
> On 4/19/07, Jason Fischl <jason@xxxxxxxxxxxxxxx> wrote:
> > On 4/19/07, svn@xxxxxxxxxxxxxxx <svn@xxxxxxxxxxxxxxx> wrote:
> > >
> > > Projectresiprocate
> > > New Revision7084
> > > Committernash (Nash Tsai)
> > > Date2007-04-19 03:50:33 -0500 (Thu, 19 Apr 2007)
> > > Log  Security.cxx/hxx:
> > >   allow to disable server authentication
> > >
> > Why is this ever a good idea? In what cases is TLS doable without
> > doing server authentication? I don't think this is a good interface or
> > capability to add.
> >
> _______________________________________________
> resiprocate-devel mailing list
> resiprocate-devel@xxxxxxxxxxxxxxxxxxxx
> https://list.resiprocate.org/mailman/listinfo/resiprocate-devel
>