Andrew,
AN> Does this imply that the strong authentication provided by certificate
AN> validation of TLS is to be subjugated by CSV, which is most likely to
AN> be weaker authentication?
Your question is so confusing to me that I don't care whether of the
other responses guess your meaning correctly.
Since I believe that there is nothing in the CSV text that affects the
nature of TLS, nevermind "subjugating" it, I would appreciate your
clarifying your question thoroughly. Honest, I cannot comprehend how
you arrived at such a question or what, exactly, it really means.
AN> Also, I think many security-minded folks may disagree with the
AN> characterization in the first paragraph. Opportunistic encryption with
encryption is not the same as authentication, and server
authentication is not the same as client authentication.
does our spec need to include a short tutorial on the difference?
d/
--
Dave Crocker <mailto:dcrocker(_at_)brandenburg(_dot_)com>
Brandenburg InternetWorking <http://www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>, <fax:+1.866.358.5301>