DH Support and Marketing
Brian Smith
avalon73 at caerleon.us
Wed Jun 22 18:24:51 PDT 2005
On Wed, 22 Jun 2005, Nathan D. Bowen wrote:
> I would ask (and am asking) for your help in explaining the security
> benefits of allowing the unencrypted option, because I don't understand
> it and I'm having trouble explaining it to others.
The way I understood it, from emails earlier in the mailing list archives,
is that it's optional because in the case where you do have SSL on the
connection it's a little redundant. I've yet to see a generic way for a
CGI/PHP script to know whether the connection was already secure or not.
If a consumer wants to refuse negotiating with a server that ignores the
DH request over an unencrypted connection, wouldn't that be up to the
consumer? Otherwise, DH is certainly much better than nothing. If the
consumer wants to fall back on "dumb" mode as a backup plan, that could be
doable as well.
--
-----------------------------------------------------------------------
Brian Smith // avalon73 at caerleon dot us // http://www.caerleon.us/
Software Developer // Gamer // Webmaster // System Administrator
"Does anybody really know what time it is? Does anybody really care?"
-- Chicago Transit Authority