Steve Parker wrote:
>
> Unfortunately, there are problems with certificate security.
> Shamir recently demonstrated how easy it is to find the private key
> in a PC because of different entropy of the objects.

Err? And who leaves their private key lying around unencrypted?

> Also, how can I be sure that the "client" serving up the
> certificate is the endpoint? A toolkit like WIDL would appear to
> provide a screen scraping capability for http which effectively
> creates a potential proxy, of which I, at the server end have
> no knowledge. Even if I have a cryptographically secure tunnel,
> and have a certificate, how do I know that someone hasn't added
> their own plumbing to the client?

Why do you care?

> There are times when it pays to use both belt and suspenders ...
> and even that may not be enough.

What were you planning to add to certs+crypto to make it more secure?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi

Received on Monday, 14 June 1999 18:50:57 EDT