On Mon, Aug 10, 2009 at 6:35 PM, Peter Gutmannpgut...@cs.auckland.ac.nz wrote:
More generally, I can't see that implementing client-side certs gives you much
of anything in return for the massive amount of effort required because the
problem is a lack of server auth, not of client auth. If I'm
Folks:
My brother Nathan Wilcox asked me in private mail about protocol
versioning issues. (He was inspired by this thread on
cryptography@metzdowd.com [1, 2, 3]). After rambling for a while
about my theories and experiences with such things, I remembered this
vexing
