On 1/10/13 12:22 PM, Florian Weimer wrote:
Which leaves open the question (in my mind) as to whether to require this:
"Both end points must authenticate each other."
Keep in mind that the client side was deliberately crippled in
browsers for privacy reasons. Support used to be much better—you
could transparently created a client certificate which would
automatically be used for future TLS handshakes.
Right, another requirement:
"Minimise the leakage of identifying information to eavesdroppers."
These two requirements then might appear opposed. Or might not, there
are many ways to skin the connection cat.
iang
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
