- From: Jason Greene <jason.greene@redhat.com>
- Date: Mon, 17 Nov 2014 12:09:49 -0600
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Roland Zink <roland@zinks.de>, ietf-http-wg@w3.org
> On Nov 17, 2014, at 6:56 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > > -------- > In message <5469EE2F.2020108@zinks.de>, Roland Zink writes: > > Actually I think the most important part is this: > >>>> Encryption >>>> should be authenticated where possible, but even protocols providing >>>> confidentiality without authentication are useful in the face of >>>> pervasive surveillance as described in RFC 7258. > > Will browsers finally stop treating self-signed-certs as if they > were highly radioaktive ? Even better would be to support anonymous ECDH. Why bother requiring all of these fake certs to be generated when they have no legit purpose. -- Jason T. Greene WildFly Lead / JBoss EAP Platform Architect JBoss, a division of Red Hat
Received on Monday, 17 November 2014 18:10:20 UTC