Joe Touch <[email protected]> writes:
> Why not just use the term "unauthenticated encryption", when that's
> exactly what's happening?
Well, it's not necessarily what's happening. The data itself might
still have "integrity protection" (which is a form of authentication.
You're just not authenticating the endpoint, which means you could be
subject to a MitM attack. Alternate terms could be "Unauthenticated
Keying" or "Unauthenticated Key Exchange" which are closer (IMHO) to
what's going on.
> Joe
-derek
--
Derek Atkins 617-623-3745
[email protected] www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
