Re: Protocol Design 101 (Re: Mandatory encryption)

Requiring TLS for server authentication would still be bad design
because the security requirement in most cases is mutual
authentication and TLS without encryption is not a good approach to
mutual auth.

On Wed, Jul 18, 2012 at 11:50 AM, Paul Hoffman <> wrote:
> Given your views, would it be a good protocol design to require TLS
> for server authentication, and to allow but not require encryption?
> That is, do you think HTTP 2.0 with no mandatory server authentication
> is a good or bad protocol design?
> --Paul Hoffman


Received on Wednesday, 18 July 2012 16:15:54 UTC