--- "James A. Donald" <[EMAIL PROTECTED]> wrote:
>     --
> On 12 Jun 2003 at 16:25, Steve Schear wrote: 
> http://www.acros.si/papers/session_fixation.pdf
> Wow.
> This flaw is massive, and the biggest villain is the server
> side code created for Apache.

You really lack some fundamental understanding.

https uses a secure private link to create a private http session.  It
has NOTHING todo with authentication nor identity.

For example, when you first login to say yahoo [for email] you're on
https.  Even before yahoo knows who you are.  Think of a verbal
handshake in the "get smart" cone of silence..

The fact that people randomly give away *their* secrets doesn't mean
the system is flawed.  It means the people are ignorant.


Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to