Hans Petter Selasky <[email protected]> wrote: > As a proposal in general, entertainment content providers, do not require > the same level of confidence, that the data really comes from the server as > the security certificate indicates, which other content providers like banks > require.
It sounds to me like this approach makes inappropriate assumptions about end-users' threat models and allows a class of malleability attacks which could range from simple data corruption to - conceivably, under the right circumstances - arbitrary code execution. To me, transport _security_ does indeed require all three of confidentiality, integrity, and authenticity. -Jan _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
