As I said in another email, without client authentication (which is the scenario in the Karthik quote), data sent by the server should be considered secure only against passive adversaries. Any additional assumption on confidentiality (i.e., restricting the power of an active attacker) must consider some form of client authentication, either implicit or explicit. Both cases must be dealt with with care, especially the implicit ones (e.g. authentication implied by application mechanisms and semantics).
On Thu, Feb 25, 2016 at 7:29 AM, Martin Rex <m...@sap.com> wrote:
> Karthikeyan Bhargavan wrote:
> >
> > Yes Hugo, you're right that when there is no client auth,
> > the situation is less problematic.
>
> I'm not so sure.
>
> There might be the desire of the server to keep some data confidential,
> and your argument is that if the data wasn't confidential to begin with,
> the server is not "breaking" confidentiality--although the server is
> clearly doing this.
>
> But what about the client and the client's desire to keep confidential,
> which particular "public data" it is just requesting and receiving
> from the server.
>
>
> -Martin
>
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls