Michael Samuel wrote:
> Hi,
>
> On 5 March 2015 at 19:58, Christoph Berg <m...@debian.org> wrote:
>>> That's an excellent thought.. I wasn't aware of this. Unfortunately,
>>> I'm not sure that we could make it the default in Debian as it requires
>>> server-side certificates be configured and used properly (correct?) but
>>> I don't see a reason to not support it and encourage its use.
>
> TLS-SRP verifies both client and server.

Yep. I confused SRP with PSK ciphersuites here. There're no ciphersuites that support PKIX and SRP. Unfortunately there's also only AES-CBC (mac-then-encrypt) as a possible option when using SRP.

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

Aaron