[Date Prev][Date Next]
Re: insecure, convenient use of SSL
Michael StrÃder <email@example.com> wrote:
> You shouldn't use SSL in such a insecure way.
I don't use SSL for anything but encryption. Secure server
identity is handled by my DNS setup. I guess if my hosting
company wanted to attack me, I'd be in trouble.
The rest of your advice, while sound for testing, doesn't
really address my original question.
Your affirmation of best-practices is, of course, to be
expected on this list and indeed in the AAA community at
larger. I don't operate under the assumption that explanation
is endorsement. I'm aware of the danger that I'm getting into.
I wouldn't use this mechanism for authenticating across
offices, for example.