David McCabe wrote:
>
> If the first connection to a web site causes the
> authentication to be activated, the
> password is _NOT_ encrypted. A successfull connection has to
> be established with a
> secure web site before the encryption is turned on.
You've got something completely wrong here. The way the SSL
protocol works, the first thing that happens is that an
encrypted channel is set up - only after that, you'll have
the http (encrypted) communication.
But take a look at http://www.modssl.org/docs/2.5/ssl_intro.html
for a great explanation of the protocol.
Sorry guys, I know that this is OT but I really had to clear that
one up :)
vh
Mads Toftum, QDPH
---
System Designer / Developer
Tele Danmark Nøglecenter - http://www.certifikat.dk/
email: [EMAIL PROTECTED] / [EMAIL PROTECTED]
