spec: Don't claim that the nonce-tcp transport is "secured"
Like the normal TCP transport, it has no confidentiality or integrity protection. The only difference is that it adds an extra layer of authentication. However, this extra authentication is easily defeated if an attacker could be eavesdropping on the link between client and server (unlike DBUS_COOKIE_SHA1, which for all its flaws does at least protect the confidentiality of the magic cookie). Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004Signed-off-by: Simon McVittie <email@example.com> Reviewed-by: Ralf Habacker <firstname.lastname@example.org> Reviewed-by: Philip Withnall <email@example.com>
Showing with 4 additions and 4 deletions