Meant to say 'since afaik, Flash doesn't look at the browser's X.509 pool
for CAs, and thus there is no way, again afaik, of validating if a
public key sent by the server, the best I can come up with is the
solution below'. Please tell me if I am missing something.
- the client sends a request over https for the socket key
- the server responds by generating keys, associating the keys to the
  session (enabling checks to see if it is still active), and then sends
  it back over https
- once the key is received the client uses the keys to
  encrypt/decipher too.
What do you think? Any suggestions?
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
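
An added example, not part of the original post: the server side of the scheme described above, where the key handed out over HTTPS is tied to the session and stops working when the session ends. The class and function names are hypothetical, and because Python's standard library has no cipher, the key is used here to HMAC-tag socket frames instead of encrypting them.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 300  # seconds a session stays active (assumed value)


class SocketKeyRegistry:
    """Server-side map of session id -> per-session socket key."""

    def __init__(self, ttl=SESSION_TTL, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._keys = {}  # session_id -> (key, expiry)

    def issue(self, session_id):
        """Called from the HTTPS handler: make a fresh key for this session."""
        key = secrets.token_bytes(32)
        self._keys[session_id] = (key, self._clock() + self._ttl)
        return key  # sent back to the client inside the HTTPS response

    def end_session(self, session_id):
        """Logout or timeout: the key dies with the session."""
        self._keys.pop(session_id, None)

    def active_key(self, session_id):
        """Return the key only while the session is still active."""
        entry = self._keys.get(session_id)
        if entry is None:
            return None
        key, expiry = entry
        if self._clock() >= expiry:
            self.end_session(session_id)
            return None
        return key

    def verify_frame(self, session_id, payload, tag):
        """Socket side: accept a frame only if tagged with the session's key."""
        key = self.active_key(session_id)
        if key is None:
            return False
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def client_tag(key, payload):
    """Client side: tag a socket frame with the key received over HTTPS."""
    return hmac.new(key, payload, hashlib.sha256).digest()
```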