* Martin Pitt (mpitt@debian.org) wrote:
> For the record, I don't agree. SSL certificate validation is good, and
> should be done as long as you have a cert installed. Encryption
> without authentication is not worth a lot, after all.
I disagree, and you *can* do authentication without SSL! The big one
being Kerberos/GSSAPI which gives both server and client authentication.
There's a big difference between man-in-the-middle attacks and passive
network monitoring. Certainly, we should do validation where it's
*possible* to do it, but I don't think we should throw out encryption
just because we don't have a root cert available for use.
If we don't have a certificate it's not possible to validate *anyone*.
That's going to be the case for packagers and I just can't imagine
asking them to ship a broken configuration.
Thanks,
Stephen