[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: insecure, convenient use of SSL

Michael StrÃder <michael@stroeder.com> wrote:
> You shouldn't use SSL in such a insecure way.

  I don't use SSL for anything but encryption. Secure server
  identity is handled by my DNS setup. I guess if my hosting
  company wanted to attack me, I'd be in trouble.

  The rest of your advice, while sound for testing, doesn't
  really address my original question.

  Your affirmation of best-practices is, of course, to be
  expected on this list and indeed in the AAA community at
  larger. I don't operate under the assumption that explanation
  is endorsement. I'm aware of the danger that I'm getting into.
  I wouldn't use this mechanism for authenticating across
  offices, for example.