[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] self issue of certificates
- Subject: Re: [cobalt-security] self issue of certificates
- From: "Jelmer Jellema" <cobalt@xxxxxxxxxxxxxxx>
- Date: Thu, 28 Feb 2002 22:36:38 +0100
- Organization: Spin in het Web (www.spininhetweb.nl)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> >Why would you or anyone send your password in clear
> >text when all you have to do is self-issue a cert to
> >get 128-bit ssl protection?
By the way. I read something about the auth part of the https connection
starting *before* the ssl-encryption was established, thush sending the
apache auth password unencrypted, only to start encrypting right after?
Maybe I misunderstood? (hope so).
Jelmer