Re: 0.29.0 - PKCS12 Certificates Only?

From: Brian Mathis <bmathis_at_directedge.com>
Date: 2003-09-08 23:00:26 CEST

Mukund wrote:
> On Mon, Sep 08, 2003 at 03:33:36PM -0500, Doug Dicks wrote:
[...]
>>I can get around this by adding "ssl-ignore-unknown-ca = true" to my
>>servers file, but would like to avoid this if possible.
>
> Please avoid it, or you will defeat the very objective of using SSL/TLS.
>

Well, not the *very* objective, but one of them. You'll still get
encrypted traffic on the wire. Yes, a man in the middle attack is still
possible, but that takes much more effort than simply setting up tcpdump.

-- 
Brian Mathis
http://www.directedge.com/b/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Received on Mon Sep 8 23:02:06 2003

This message: [ Message body ]
Next message: e.huelsmann_at_gmx.net: "Re: Current Updated Revision Number"
Previous message: David Waite: "Re: Current Updated Revision Number"
In reply to: Mukund: "Re: 0.29.0 - PKCS12 Certificates Only?"
Next in thread: Mukund: "Re: 0.29.0 - PKCS12 Certificates Only?"
Reply: Mukund: "Re: 0.29.0 - PKCS12 Certificates Only?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]