|
|
@@ -25,8 +25,8 @@ WAMP does not appear to have it's own encryption layer, but it does have |
|
|
it's own authentication layer. You really don't want to have to trust |
|
|
it's own authentication layer. You really don't want to have to trust |
|
|
two different authentication layers<label for="sn-encauth" |
|
|
two different authentication layers<label for="sn-encauth" |
|
|
class="margin-toggle sidenote-number"></label><input type="checkbox" |
|
|
class="margin-toggle sidenote-number"></label><input type="checkbox" |
|
|
id="sn-encauth" class="margin-toggle"/><span class="sidenote" |
|
|
|
|
|
id="sn-encauth">The encryption layer must be authenticated, otherwise |
|
|
|
|
|
|
|
|
id="sn-encauth" class="margin-toggle"/><span class="sidenote">The |
|
|
|
|
|
encryption layer must be authenticated, otherwise |
|
|
any attacker could MiTM the connection. Most uses of TLS make use of |
|
|
any attacker could MiTM the connection. Most uses of TLS make use of |
|
|
the CA system for authentication (which has serious issues in trust), |
|
|
the CA system for authentication (which has serious issues in trust), |
|
|
and most web apps add their own authentication layer on top of it (not |
|
|
and most web apps add their own authentication layer on top of it (not |
|
|
|
