target = "https://tools.ietf.org/rfc/rfc8446#C.5"

# C.5.  Unauthenticated Operation
#
# Previous versions of TLS offered explicitly unauthenticated cipher
# suites based on anonymous Diffie-Hellman.  These modes have been
# deprecated in TLS 1.3.  However, it is still possible to negotiate
# parameters that do not provide verifiable server authentication by
# several methods, including:
# 
# -  Raw public keys [RFC7250].
# 
# -  Using a public key contained in a certificate but without
#    validation of the certificate chain or any of its contents.
# 
# Either technique used alone is vulnerable to man-in-the-middle
# attacks and therefore unsafe for general use.  However, it is also
# possible to bind such connections to an external authentication
# mechanism via out-of-band validation of the server's public key,
# trust on first use, or a mechanism such as channel bindings (though
# the channel bindings described in [RFC5929] are not defined for
# TLS 1.3).  If no such mechanism is used, then the connection has no
# protection against active man-in-the-middle attack; applications
# MUST NOT use TLS in such a way absent explicit configuration or a
# specific application profile.

[[spec]]
level = "MUST"
quote = '''
If no such mechanism is used, then the connection has no
protection against active man-in-the-middle attack; applications
MUST NOT use TLS in such a way absent explicit configuration or a
specific application profile.
'''