RE: HTTPS security model

2006-12-07 Thread David Schwartz
> OK, I'm going to take a humorous punch at what you just said; if authentication and authorization are the same thing, why are both required? Isn't one enough? Please make up your mind...
If A and B are the same thing, either neither is required or both are required. Everything true about

RE: HTTPS security model

2006-12-07 Thread David Schwartz
> Proponents of the requested change believe that it is much likelier to have your communications observed by a passive attacker, than to have an active attacker in the path that masquerades as e.g. "amazon.com". Not that the latter is impossible - just less probable and less frequent.
Exc

Re: ocsp responder certificate generation documentation( reg)

2006-12-07 Thread Simon McMahon
howto make the OCSP certificate. This is the section I added to my openssl.cnf file. [ ocsp_cert ] # These extensions are added when 'ca' signs a request for an OCSP responder. basicConstraints=CA:FALSE extendedKeyUsage= OCSP Signing noCheck = yes ... Then as my other post said: add "-e

Using ITISSL: Fatal error in reader: itissl.build.config, line 79

2006-12-07 Thread Krishna Vennamaneni
Hi, I am trying to install ITISSL which is a java wrapper based on SSLEAY/OpenSSL. After I modified the itissl.build.config file and ran make, I got the following error message. (Note I didn't modify the line 79) * make: Fatal error in reader: itissl.build.config, line 79: Unexpected end of line s

Re: TLS on pure-ftl

2006-12-07 Thread Marek Marcola
Hello,
> I'm trying to use TLS on pure-ftp. However, I'm unable to establish a secure connection... the debug says
>
> [ERROR] SSL/TLS [/etc/ssl/private/pure-ftpd.pem]: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
This SSL alert means that your certificate is n

TLS on pure-ftl

2006-12-07 Thread Vitor Flausino
Hello all I'm trying to use TLS on pure-ftp. However, I'm unable to establish a secure connection... the debug says [ERROR] SSL/TLS [/etc/ssl/private/pure-ftpd.pem]: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate Any ideas? Best regards, -vcf _

Re: RE: HTTPS security model

2006-12-07 Thread Kyle Hamilton
"I have seen this certificate before, and I assert that I want to allow it for limited purposes -- if only because I want to make sure that third-parties can't see what URLs I'm looking at. I do NOT want to post my credit card or other sites' login information to this site, so warn me if I do so.

Re: HTTPS security model

2006-12-07 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Tue, 5 Dec 2006 13:45:13 -0800, "David Schwartz" <[EMAIL PROTECTED]> said:
davids> Authentication and authorization are the same thing.
Generally speaking, that's incorrect, even if you might have a specific case where your statement applies. To take an example

RE: RE: HTTPS security model

2006-12-07 Thread Mouse
> > There are security paradigms such as SSH where you use "leap of faith": strictly you haven't authenticated the remote end, but you "know" that your peer is the other box next to you, you verified its PK fingerprint visually, so you approve ("authorize") that peer from now on.