You're absolutely right that integrity checking needs to be built into
this. Exactly how that happens is still up in the air. A few months ago
at the face-to-face in SF I mentioned the need for fail-fast-able
incremental integrity checking. I still want that.
On Nov 19, 2013 4:57 PM, "Roberto Peon" <grmocg@gmail.com> wrote:
> The distinct and important difference is that at least one party would be
> able to figure out that something odd is happening when integrity is
> available, where it is much more difficult when integrity isn't present.
> -=R
>
>
> On Tue, Nov 19, 2013 at 4:43 PM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>
>> In message <CAP+FsNdjAVz8T3Dr895kwiZrnQv18YDJb1zyGECLZ-ct_EdXUg@mail.gmail.com>,
>> Roberto Peon writes:
>>
>> >The bigger problem is that the proxy might prevent the negotiation from
>> >occurring.
>>
>> ...In which case it is very likely also blocking any attempt to avoid
>> using the proxy, so your end-to-end attempt is not going to work either.
>>
>> Or if it works, it's probably on a trojaned cert.
>>
>> --
>> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
>> phk@FreeBSD.ORG | TCP/IP since RFC 956
>> FreeBSD committer | BSD since 4.3-tahoe
>> Never attribute to malice what can adequately be explained by
>> incompetence.
>>
>
>