Dan Williams wrote: > [...] > has payed say Verisign to sign their organization-wide CA, which they > then use to sign the server's certificate. > [...] > Always set a CA certificate, and optionally set the subject match stuff
Subject match is mandatory in that case. When setting the CA alone you are still prone to MITM (CVE-2006-7246). cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) _______________________________________________ networkmanager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
