On Mon, Apr 4, 2016 at 3:36 PM, Dan Harkins <dhark...@lounge.org> wrote:
> > > On Mon, April 4, 2016 7:17 am, Watson Ladd wrote: > > Usually what happens is the server generates a self-signed certificate > and the apps are given some "username" and "password" and the app > ignores the unauthenticated nature of the TLS connection and sends > the u/p credential on through. Isn't this use case more of an argument for an updated auth-digest to use something better than MD5? I'm not convinced MITM is a real concern for a typical IoT environment (however that's defined - I'm assuming http in a domestic environment). Best wishes, Phil Lello
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
