Secondary certs depend on there not being a MitM. And sadly, they still exist in some places.
Now, as an advisory extra, the failure mode isn't fatal to the connection, but it could mean a lot of wasted effort. So we could pack the setting with 32 bits extracted from the exporter as confirmation that the mechanism works, or design a new mechanism to reduce the chance that we waste effort on creating authenticators that we can't use.
Either way, it's probably worth mentioning this possibility.
The only wrinkle is that they might be all zero. If settings parsers return 0 and the exporter returns an all-zero 32-bit value, then there is a possibility of a false positive.
I think that we can either force a bit to one and lose a bit, or emphasize that endpoints have to check for the presence of the setting as well as its value.
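The false positive described in this thread and the two proposed fixes, as an added example that is not part of the original issue or of any specification: `exporter_bits` is an HMAC stand-in for a real TLS exporter, and `SETTING_ID`, `LABEL` and the secrets are constructed placeholders.

```python
import hashlib
import hmac

SETTING_ID = 0xEE01              # hypothetical setting identifier, not from the thread
LABEL = b"EXAMPLE confirmation"  # hypothetical exporter label
TOP_BIT = 0x80000000

def exporter_bits(conn_secret: bytes) -> int:
    """Stand-in for a TLS exporter: 32 bits bound to one TLS connection."""
    digest = hmac.new(conn_secret, LABEL, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")

def naive_ok(peer_settings: dict, local_bits: int) -> bool:
    """Value-only check over a parser that reports 0 for an absent setting."""
    return peer_settings.get(SETTING_ID, 0) == local_bits

def presence_ok(peer_settings: dict, local_bits: int) -> bool:
    """Option from the thread: check presence as well as value."""
    return SETTING_ID in peer_settings and peer_settings[SETTING_ID] == local_bits

def forced_bit_ok(peer_settings: dict, local_bits: int) -> bool:
    """Other option: the sender forces one bit to 1, so a valid value is never 0."""
    return peer_settings.get(SETTING_ID, 0) == (local_bits | TOP_BIT)

def scenarios() -> dict:
    local = exporter_bits(b"constructed secret A")  # our TLS connection
    other = exporter_bits(b"constructed secret B")  # a different TLS connection
    cases = {
        # End-to-end TLS: both ends derive the same bits.
        "direct": ({SETTING_ID: local}, {SETTING_ID: local | TOP_BIT}, local),
        # Intercepted: the forwarded value was derived on another connection.
        "mitm": ({SETTING_ID: other}, {SETTING_ID: other | TOP_BIT}, local),
        # Setting never arrived and the local exporter output is all zero.
        "absent_zero": ({}, {}, 0),
    }
    return {
        name: {
            "naive": naive_ok(plain, bits),
            "presence": presence_ok(plain, bits),
            "forced_bit": forced_bit_ok(forced, bits),
        }
        for name, (plain, forced, bits) in cases.items()
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

Only the value-only check passes in the `absent_zero` case, which is the situation where effort would be spent on authenticators that cannot be used.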