On 14 July 2015 at 12:30, Andrei Popov <andrei.po...@microsoft.com> wrote:
> The downside is of course that the attacker can easily distinguish 
> opportunistic clients from server-authenticating ones. Is this a concern for 
> the opportunistic TLS community?

I raised the concern about this previously.  Opportunistic MitM
happens, and providing a strong signal that the connection won't be
(or couldn't be) authenticated somehow is a problem for that.  I'd
rather have opportunistic security be indistinguishable from "real"
security.  It also means that you don't have separate code paths to
support.

The anonymous modes serve a different purpose.  For instance tcpinc
could use them.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
