On Thu, Jul 21, 2022 at 5:53 AM Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> Ben Smyth <resea...@bensmyth.com> writes: > > >should we consider PSK-mode authentication weaker than certificate-based > >authentication? > > No, it's much stronger. With cert-based server auth, a client will > connect to > anything that has a certificate from any CA anywhere, in other words pretty > much anything at all, and declare the connection secure. It's slightly > better > than anon-DH, but it offers almost no protection against phishing, the most > common attack on the web today. > Is this really true? Couldn't an implementation use data from a preexisting agreement in a conventional TLS handshake? That's rhetorical, I already know that you can. thanks, Rob
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
