[EMAIL PROTECTED] (Arnaud Ebalard) writes: >>>> "This software does not have any authentication capabilities: it does >>>> not allow you to authenticate your peer, which is a basic requirement >>>> for TLS/SSL to be used securely. You should only use it for testing >>>> purposes and not relaying important information. Be aware that you are >>>> vulnerable to MITM when using it" >> >> That seems correct to me. >> >> Note that even if you use gnutls-cli, you need to configure it to use >> appropriate trust anchors to get full security. > ^^^^^^^^^^^^^ > > I hope you mean "a working setup". If you do not provide it any (set of) > trust anchor, it should not be able to verify server's certificate and > should fail, shouldn't it?
Right, and that's what I meant with "you need to configure it to use appropriate trust anchors". If you do that, you should get full security (whatever that means). /Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]