On Mon, Jul 13, 2015 at 10:31:16PM +0000, Andrei Popov wrote:

> When old algorithms are deprecated and new algorithms replace them in
> actual deployments (a very slow process), an opportunistic client would
> need to be updated, just like a normal server-authenticating client does.
> Except for the opportunistic client this update would be rather trivial.
>
> Alternatively, can an opportunistic client explicitly negotiate anonymous
> connections?


Postfix tries to, as hard as it can, but many servers do not offer anon_DH cipher suites, and under-informed auditors give system administrators a hard time when they are offered.

Furthermore, DANE-EE(3) clients and certificate pinning clients cannot use anon_DH, they still need a recognizable certificate from the server, they just often don't need a recognizable signature. Even DANE-TA(2) clients might be able to stop part-way up the chain before the objectionable signature appears.

--
Viktor.