Ronald Ruzicka wrote:
>
> If a client does a request (using SSL) to the server he will get the usual
> message ("security information") from his browser: it tells, that this is a
> certificate from a trusted certification organisation, that the date is
> correct; but it tells as well, that the name of the certificate is not the
> same as the site name. But then everything works ok.
>
So if you go to amazon.com and get a warning that the certificate
doesn't match the site name, you would just type in your credit card
number anyway?
Authentication is an essential part of SSL. It is not just about
encryption.
Rgds,
Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
