It is sort of complicated.  What is more important is that if the client
does not want to see any certificates, why bother to encrypt data?  Since
you can be "securely" talking to the wrong party, encrypting data without
authenticating the server first does not make much sense, unless you are
perfectly sure that you are talking to the right party.  Over the internet,
there is no way to be sure.

Cheers

-----Original Message-----
From: Josef Hartmann <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, July 01, 1999 1:29 PM
Subject: accepting/ installing certificates


>Hi,
>
>how do people build SSL systems which do not require the client to
>accept certificates? E.g. if you want to order a book at www.amazon.de
>and you are using the SSL connection, users do not have to accept the
>certificates, although the certificate of the website is not implemented
>in the browser yet and the site is being used for the first time.
>
>ANY HINTS????
>
>
>Thanks
>
>Josef Hartmann
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      [EMAIL PROTECTED]
>Automated List Manager                            [EMAIL PROTECTED]
>
