> The connection is secure. TLS doesn't defend against compromised devices.

I disagree. While the *network* connection itself may inhibit the rather 
technical notions of confidentiality and integrity, this is not what the 
average user would consider a "secure connection". Staying with a browser 
example, an unsuspecting user expects to communicate privately with a website.

Yes, TLS alone cannot ensure this, but we are discussing a format which has the 
potential to scale attacks on users in a much easier way, and making awareness 
of users a requirement might be a near trivial countermeasure against that 
simplification.

-- 

```
M.Sc. Thomas Bellebaum
Applied Privacy Technologies
Fraunhofer Institute for Applied and Integrated Security AISEC

Lichtenbergstraße 11, 85748 Garching near Munich (Germany)
Tel. +49 89 32299 86 1039
thomas.belleb...@aisec.fraunhofer.de
https://www.aisec.fraunhofer.de

```

_______________________________________________
TLS mailing list -- tls@ietf.org