Re: CUPS is now linked against OpenSSL
* Daniel Kahn Gillmor <firstname.lastname@example.org>, 2014-01-13, 23:03:
if the only axis we're measuring along is cryptographic security, then
protecting against passive attackers (eavesdroppers) is clearly better
than not doing so.
but if people think that CUPS' TLS protects them against active
attackers, and they use that to do things like send confidential
information over the link, they have been lulled into a false sense of
So, how would people feel about the following policy:
TLS clients must either:
- validate server certificates;
- or prominently document that they don't do that?