Date: Mon, 30 Mar 2015 20:53:05 +0000
Subject: Re: 2 questions


>think of someone or company uses Internet for e-commerce; e.g. presenting his products is public for anybody; this doesn't need to be presented in TLS, 

Is this still a valid assumption?

I might not particularly, initially, care about confidentiality. But I think I would still care about the integrity benefits (Am I talking to the site I think I am talking to? Is there a man in the middle? etc.)

> so how do you get integrity benefits when there is a MitM?  Client certificates?  Good luck with that.

Why are client certificates needed? Client certificates are for the servers to authenticate clients, but what Dan said was "am I talking to the site I think I am talking to". The assurance of integrity is provided by the normal TLS without client certs.

