Re: CUPS is now linked against OpenSSL

[Jakub Wilk <jwilk@debian.org>]

* Daniel Kahn Gillmor <dkg@fifthhorseman.net>, 2014-01-13, 23:03:
> if the only axis we're measuring along is cryptographic security, then 
> protecting against passive attackers (eavesdroppers) is clearly better 
> than not doing so.
>
> but if people think that CUPS' TLS protects them against active 
> attackers, and they use that to do things like send confidential 
> information over the link, they have been lulled into a false sense of 
> security.

Hear, hear.

So, how would people feel about the following policy:

TLS clients must either:
- validate server certificates;
- or prominently document that they don't do that?

?

--
Jakub Wilk