3 Nov
2011
3 Nov
'11
1:53 a.m.
On 11/2/2011 12:22 PM, Michal Trojnara wrote:
Not validating the chain would violate the protocol requirements.
I am not suggesting you should abandon normal CA based validation, but that in addition to it, you could support an alternative validation model where the user can grant trust to the server cert, which renders any further validation unnecessary. Considering you support running without any validation whatsoever, doesn't make sense that you object to this alternative approach.