On Wed, 8 Feb 2006 09:55, Andrew Patterson wrote: > > I have only two questions about their strategy: > > 1. Not using SSL...? > > As I understand it, SSL has a very subtle problem > which is that the PKI certificates
SSL is only a transport layer. Nothing prevents you from exchanging digitally signed messages via SSL if this is considered essential - in the vast majority of connections it might not be necessary. The beauty of SSL is that it is not only a standard, but also a near ubiquitous well accepted one. Every browser can speak it, and every web service protocol I know (eg xmlrpc, soap) of has no trouble running atop of an SSL connection Horst _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
