Hi
"Gregory J. Feig" <[EMAIL PROTECTED]> wrote:
>>> PS: There is some kind of transfer.
>>> The browser has a built in list of certification authorities.
>>> Thos can sign keys from servers.
>>> If the browser encounters a key which is signed by a known CA, than it
>>> will proceed, if not, than a window pops up, and asks you what to do.
>> Well, this "transfer" is totally different and has nothing to do with the
>> actual encryotion. =)
>> I'm not even sure it sends the key, it might only send key IDs or
>> something. Whatever. =)
GF> petri .......yeah....but read Sergei's last-night post about cracking
GF> and getting a couple thousand creditcard numbers, et al, because
GF> the server had them stored in the clear.......Roger Turk would echo
GF> me when I say, "any secure system can be blown by stupidity."
GF> It sounds like a small replay of "The Cuckoo's Egg"//
I was only writing about the transfer.
Eg with SSL nobody is able to get the data by simply sniffing the connection.
If the admins at the other end are to silly ... than that's not a problem of
SSL transfer !
GF> gregy
CU, Ricsi
--
Richard Menedetter <[EMAIL PROTECTED]> [ICQ: 7659421] {RSA-PGP Key avail.}
-=> All's well that ends well <=-
