Secure Data Delivery Hiccup

I read with interest "Secure Data Delivery" at http://www.java-pro.com/upload/free/Features/Javapro/2001/11nov01/cd0111/cd0111-1.asp,
but there's a little boo boo, which I'm not sure anyone spotted. The third
page talks about authentication using X.509 certs - however, as you can see,
fig3 shows an untrusted cert - which means there is NO server authentication
being performed. Well, it is, but it's not to be trusted.

The lesson is this - you either auth, or you don't. The cert really ought
to be issued by a trusted authority - VeriSign, you, whatever, but trust
needs to exist for auth to be valid.

Just a simple observation...
[696 byte] By [Michael Howard] at [2007-11-9 23:49:01]
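
The difference the post describes can be checked offline with the `openssl` command line. This is an added example, not part of the original post or the Java Pro article; the CA name, the host name `server.example.test` and all files are constructed throwaway values.

```shell
#!/bin/sh
# Constructed demo: every key and certificate below is a throwaway file.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_demo_pki() {
    # Trust anchor: a private CA (the "you" in "verisign, you, whatever").
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Demo CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
    # Server certificate issued by that CA.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=server.example.test" \
        -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/srv.csr" -days 1 \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/srv.pem" 2>/dev/null
    # Same server name, but self-signed: nobody the client trusts vouches for it.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=server.example.test" \
        -keyout "$WORK/self.key" -out "$WORK/self.pem" 2>/dev/null
}

# Succeeds only if the certificate chains to the CA the client trusts.
is_trusted() {
    openssl verify -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1
}

report() {
    if is_trusted "$WORK/$1"; then
        echo "$1: chains to trusted CA, server identity is authenticated"
    else
        echo "$1: no trusted issuer, encrypted channel to an unverified peer"
    fi
}

make_demo_pki
report srv.pem
report self.pem
```

Both certificates carry the same subject name and would encrypt traffic equally well; only the one issued by the trusted CA passes verification.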