> To make the system entirely secure against this attack, we need
> to be able to enforce a one to one mapping between login
> sessions and https sessions.  The existing tools for writing
> server side code do not provide us with any direct means of
> enforcing such a relationship.

I'm not paying very close attention to your posts.  Paragraphs like the
above are the reason why.  From

The following environment variables are exported into SSI files
and CGI scripts:
    SSL_SESSION_ID The hex-encoded SSL session id

Care to try again?

Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to