|
|
|
|
|
|
by btrask
3607 days ago
|
|
|
In the context of sharing public keys, I'd say you merely need authentication. Web of Trust being one possible mechanism. This isn't a particularly advanced topic. Relevant to my original post, information about whether the connection should be encrypted also merely needs to be authenticated, not encrypted itself. Of course, the HSTS preloading site uses HTTPS (with encryption) because it's easy and why not. |
|
|
I'm reading the auth and channel as independent. Auth is something of a metachannel, perhaps.