Re: Protocol Design 101 (Re: Mandatory encryption)

Requiring TLS for server authentication would still be bad design
because the security requirement in most cases is mutual
authentication and TLS without encryption is not a good approach to
mutual auth.



On Wed, Jul 18, 2012 at 11:50 AM, Paul Hoffman <paul.hoffman@gmail.com> wrote:
> Given your views, would it be a good protocol design to require TLS
> for server authentication, and to allow but not require encryption?
> That is, do you think HTTP 2.0 with no mandatory server authentication
> is a good or bad protocol design?
>
> --Paul Hoffman
>



-- 
Website: http://hallambaker.com/

Received on Wednesday, 18 July 2012 16:15:54 UTC