> SSL certs cost money. This one works the same. etc.. Uh, no, actually CAs provide some weak assurance that the certificate is the real one and associated with that server. A self-signed one provides none. If you can't, in some way, authenticate the certificate then SSL is not any better than sending data plain text. It's not that I approve of the current SSL PKI regime, but it's still better than none.
tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
