On Thursday 11 November 2004 04:53 pm, Peter Saint-Andre wrote: > In article > <[EMAIL PROTECTED]>, > > "JD Conley" <[EMAIL PROTECTED]> wrote: > > Allowing self signed (or otherwise untrusted) certs with STARTTLS + > > EXTERNAL is opening yourself up for a serious security breach. > > Well, that's another story. But that claim on the URL I provided was > that it is technically impossible, not inadvisable from a security > standpoint.
Ah, right, this is certainly technically possible. People use self-signed or otherwise unverified certificates all the time. I don't think there'd be anything technically wrong with this. Even providing no cert at all should be fine. -Justin _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mail.jabber.org/mailman/listinfo/jdev
