
Re: [Ecrit] LoST Review - part 1



As we all know, certs of CAs exist in browsers that we never check, and if one gets a question about a cert from an unknown CA, we all "just click ok-continue". The end result because of this is an encrypted session, with some automatic checks between the DN in the cert and domain name.


Once the CA or public key can't be verified, you could be talking to a man-in-the-middle instead, so the crypto property is also greatly diminished. Fortunately, it is unlikely that LoST is accessed through a user interface with click-happy users.




I think referrals are good. But, my recommendation is always regarding these things that a server can always refuse a request on doing referral (because of load or whatever), and because of that clients must be able to manage without getting the referral request fulfilled.



Agreed and noted.


Patrik


_______________________________________________
Ecrit mailing list
Ecrit at ietf.org
https://www1.ietf.org/mailman/listinfo/ecrit