Re: null ciphers in 9.2.2

On 30 September 2014 13:25, FOSSATI, Thomas (Thomas)
<> wrote:
> true for https resources.  But I can't find any explicit reference to https in 9.2 (and subsections), therefore I was inferring that those requirements also apply to opp-sec use of TLS?

Would you like to make an argument for integrity-only for
opportunistic security?  I can't imagine any argument that I'd find
compelling, but am always willing to be surprised.

Received on Tuesday, 30 September 2014 20:35:26 UTC