DH Support and Marketing

Brian Smith avalon73 at caerleon.us
Wed Jun 22 18:24:51 PDT 2005

On Wed, 22 Jun 2005, Nathan D. Bowen wrote:

> I would ask (and am asking) for your help in explaining the security 
> benefits of allowing the unencrypted option, because I don't understand 
> it and I'm having trouble explaining it to others.

The way I understood it, from emails earlier in the mailing list archives, 
is that it's optional because in the case where you do have SSL on the 
connection it's a little redundant.  I've yet to see a generic way for a 
CGI/PHP script to know whether the connection was already secure or not.

If a consumer wants to refuse negotiating with a server that ignores the 
DH request over an unencrypted connection, wouldn't that be up to the 
consumer?  Otherwise, DH is certainly much better than nothing.  If the 
consumer wants to fall back on "dumb" mode as a backup plan, that could be 
doable as well.

Brian Smith //  avalon73 at caerleon dot us  // http://www.caerleon.us/
Software Developer  //  Gamer  //   Webmaster  //  System Administrator
"Does anybody really know what time it is?  Does anybody really care?"
   -- Chicago Transit Authority

More information about the yadis mailing list