Re: HTTP Authentication
- From: jenglish@xxxxxxxxxxxxx (Joe English)
- Date: 16 Mar 2006 06:32:53 GMT
slebetman wrote:
> Michael wrote:
>> [...]
>> Don't I need some kind of certificate for SSL?
>
> Generally you'll need a certificate if you are a server. Clients
> usually don't need certificates (after all, what people want is to know
> that the server is legit - they are not being phished).

Somewhat off-topic, but: server-side SSL certificates, as
they are commonly used on the Web today, don't do squat
against phishing. That little padlock icon in the corner
of your web browser? All it means is that the party at
the other end of the connection has given a CA some money
to get a signed certificate. (That, and you can be confident
that no bad guys running a packet sniffer on your LAN
will be able to eavesdrop.)
Now it's possible to use SSL in a way that provides rock-solid
protection against phishing (and many other attacks). Unfortunately
today's generation of web browsers don't use it that way.
--Joe English