Richard Barnes <r...@ipv.sx> wrote: > On Thu, Feb 19, 2015 at 1:26 AM, Brian Smith <br...@briansmith.org> wrote: >> IMO, unauthenticated TLS is so different from secure use of TLS that >> it deserves its own document once we've learned what the *best* >> *current* practices for unauthenticated TLS are, which we currently do >> not know. > > I'm curious how you think unauthenticated TLS is so dramatically different. > I mean, WebRTC connections are all unauthenticated, and they look exactly > the same on the wire as authenticated connections -- the endpoints just > don't check the certs.
Sorry, allow me to edit that: Unauthenticated TLS deserves its own document once we've learned what the *best* *current* practices for unauthenticated TLS are, which we currently do not know. Obviously, since we don't know the best current practices for unauthenticated TLS (except, possible, to avoid it), we can't meaningfully discuss how they are different from best best current practices for authenticated TLS, which is what the UTA working group discussed to produce this document. Cheers, Brian _______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
