[reSIProcate] [reSIProcate-commit] resiprocate 7084 nash: Security.cxx/hxx:
Nash Tsai
nash.teltel at gmail.com
Tue Apr 24 14:31:19 CDT 2007
It's branched, want me to revert it?
Nash
On 4/25/07, Jason Fischl <jason at counterpath.com> wrote:
> I don't think we should do this. It provides too much opportunity for
> a production system to have all of its security disabled. If this is
> needed, it should be provided on a branch.
>
> On 4/20/07, Derek MacDonald <derek at counterpath.com> wrote:
> > It is easy to create certs/CA's/etc in a test lab where you control
> > DNS. TFM could be tweaked to provide similar capabilities.
> >
> > Changing the security code to allow insecure communications is a bad
> > idea; it opens the door to new security problems and would give anyone
> > reviewing the code for security correctness fits.
> >
> > I think we should revert this.
> >
> > -Derek
> >
> > On 4/20/07, Nash Tsai <nash.teltel at gmail.com> wrote:
> > > It allows you the flexibility of not doing server authentication
> > > check, probably useful for debugging environment.
> > >
> > >
> > > Nash
> > >
> > > On 4/19/07, Jason Fischl <jason at counterpath.com> wrote:
> > > > On 4/19/07, svn at resiprocate.org <svn at resiprocate.org> wrote:
> > > > >
> > > > > Projectresiprocate
> > > > > New Revision7084
> > > > > Committernash (Nash Tsai)
> > > > > Date2007-04-19 03:50:33 -0500 (Thu, 19 Apr 2007)
> > > > > Log Security.cxx/hxx:
> > > > > allow to disable server authentication
> > > > >
> > > > Why is this ever a good idea? In what cases is TLS doable without
> > > > doing server authentication? I don't think this is a good interface or
> > > > capability to add.
> > > >
> > > _______________________________________________
> > > resiprocate-devel mailing list
> > > resiprocate-devel at list.resiprocate.org
> > > https://list.resiprocate.org/mailman/listinfo/resiprocate-devel
> > >
> >
>
More information about the resiprocate-devel
mailing list