Ronald Ruzicka wrote:
>
> As I said below: this depends on the application. I agree with you in that
> amazon.com point (and many other applications). But this is not the problem
> with servlet-applications (where the user does not see this message) and in
> cases, where I simply want a secure connection - I think we will end up in a
> philosophical discussion ... ;)
>
It's not a philosophical point - there are genuine security issues at
stake.
It makes no sense (indeed, it is dangerous) to have an encrypted
conversation with someone if you don't know their identity. And you
cannot be sure of identity without authentication.
Check out the thread:
http://marc.theaimsgroup.com/?l=apache-modssl&m=99380834501963&w=2
(Note that I started out agreeing with you - then I saw the light...)
Rgds,
Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]