On Saturday, October 10, 2015 10:35:16 pm Viktor Dukhovni wrote:

> This is not difficult, it just requires not forgetting that there's
> more than one way to do (or not do) authentication, and that the
> TLS protocol needs to remain largely agnostic of the authentication
> model. Just deliver the available credentials to the peer, and
> let the peer decide what to do.

It's the "or not do" that's the issue, not the other ways to do authentication that I'm concerned about. As I said, it looks like we can word this properly in a way that works for everyone. I just feel like the best way to cover the OE case fully is to address it in a separate section, explicitly, rather than (just) tweak wording to accommodate it.

Even TOFU is more straightforward than OE, because at least with that it always follows basically the same pattern. OE requires you to take what would normally be a blatant catastrophic error, but wave a wand and say it's OK for this separate use case. That may be true, but that doesn't make it any less of a blatant catastrophic error when that's not the case. I'm worried about having these not be completely distinct for the same reason you don't put a self-destruct button next to a light switch, no matter how well labeled. ;)

Also, I want the spec to anticipate some peers being incredibly stupid and avoid making it easy to mess things up.

Dave

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls