>
> It is indeed an SSL problem -- the protocol and its components rely
> on PKI, but PKI isn't really there yet. A mutually authenticated
> channel, in which the server presents the DNs of trusted signing
> authorities as part of the handshake, offers a lot more protection
> even for the client.
Again, not an SSL problem since SSL does not require the use of PKI
ciphers. Feel free to use a non-PKI cipher in your SSL
implementation. This is a problem with the implementations found in
Netscape and Microsoft browsers.
Jeffrey Altman * Sr.Software Designer C-Kermit 7.1 Alpha available
The Kermit Project @ Columbia University includes Secure Telnet and FTP
http://www.kermit-project.org/ using Kerberos, SRP, and
[EMAIL PROTECTED] OpenSSL. SSH soon to follow.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
