[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CUPS is now linked against OpenSSL

* Daniel Kahn Gillmor <dkg@fifthhorseman.net>, 2014-01-13, 23:03:
if the only axis we're measuring along is cryptographic security, then protecting against passive attackers (eavesdroppers) is clearly better than not doing so.

but if people think that CUPS' TLS protects them against active attackers, and they use that to do things like send confidential information over the link, they have been lulled into a false sense of security.

Hear, hear.

So, how would people feel about the following policy:

TLS clients must either:
- validate server certificates;
- or prominently document that they don't do that?


Jakub Wilk

Reply to: