On Tue, Jul 14, 2015 at 01:49:36PM -0700, Martin Thomson wrote:
> On 14 July 2015 at 13:08, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
> > Yes, and informs the server that the client is skipping authentication,
> > which is often useful information on the server end.
>
> The problem here is that the server isn't the only recipient of that signal.
You forgot to mention that an on-path MiTM can hide the fact the
client is doing it from the server. For clients doing unauthenticated
TLS active attacks are not what they are defending against.
None of this is news. We should stop here.
--
Viktor.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
