On Mon, May 11, 2015 at 04:42:49PM +0000, Viktor Dukhovni wrote:
> On Mon, May 11, 2015 at 11:25:33AM -0500, Nico Williams wrote:
>
> >  - If you don't want to depend on server certs, use anon-(EC)DH
> >    ciphersuites.
> >
> >    Clients and servers must reject[*] TLS connections using such a
> >    ciphersuite but not using a GSS-authenticated application protocol.
>
> [*] Except when employing unauthenticated encrypted communication
>     to mitigate passive monitoring (opportunistic security).

As this would be replacing RFC2712, it's not opportunistic to begin with :)