2 Oct
2019
2 Oct
'19
6:39 a.m.
On Wed, Oct 02, 2019 at 05:45:57AM -0400, Valdis Klētnieks wrote:
On Wed, 02 Oct 2019 01:55:13 -0600, "Keith Medcalf" said:
It is a common fallacy that TLS connections are authenticated. The vast majority of them are not authenticated in any meaningful fashion and all that can be said about TLS is that it provides an encrypted connection between the two communicating applications. This is perhaps why it is call *transport* layer security ...
Another major disconnect is that TLS validates the hostname that the browser decided to connect to, not the host you thought you were connecting to..
Sadly, the W3C is stonewalling on the WebMindReading API. - Matt