This has gotten way off topic of how to use mod_ssl.
I suggest interested parties look for Dan Geer's "risk management is
where the money's at" paper. Google should find it trivially.
Many consider it to be the definitive word on this trade-off issue.
/r$
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
- Re: HEAD / HTTP/1.0 - To sign or not to sign? Owen Boyle
- Re: HEAD / HTTP/1.0 - To sign or not to sign? R. DuFresne
- Re: HEAD / HTTP/1.0 - To sign or not to sign? Deocs Postmaster
- Re: HEAD / HTTP/1.0 - To sign or not to sign? T\.
- RE: HEAD / HTTP/1.0 - To sign or not to sign? John . Airey
- RE: HEAD / HTTP/1.0 - To sign or not to sign? T\.
- Re: HEAD / HTTP/1.0 - To sign or not to sign? Owen Boyle
- RE: HEAD / HTTP/1.0 - To sign or not to sign? John . Airey
- Re: HEAD / HTTP/1.0 - To sign or not to sign? Owen Boyle
- RE: HEAD / HTTP/1.0 - To sign or not to sign? John . Airey
- Re: HEAD / HTTP/1.0 - To sign or not to sign? Rich Salz
- Re: HEAD / HTTP/1.0 - To sign or not to sign? Michael T. Babcock
- Re: HEAD / HTTP/1.0 - To sign or not to sign? R. DuFresne
- Re: HEAD / HTTP/1.0 - To sign or not to sign? R. DuFresne
- RE: HEAD / HTTP/1.0 - To sign or not to sign? T\.
- Re: HEAD / HTTP/1.0 - To sign or not to sign? T\.
- Re: HEAD / HTTP/1.0 - To sign or not to sign? T\.
- Re: HEAD / HTTP/1.0 - To sign or not to sign? Geoff Thorpe
