> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Harry Whitehouse
> Sent: Tuesday, November 16, 1999 1:54 AM
> To: [EMAIL PROTECTED]
> Subject: Question about Browser Authenticity
>
> How can the user be certain that their browser (or other SSL3
> client) hasn't
> been compromised -- or that they have a roque version of the
> client -- which
> will go through the motions of authenticating the server but
> really not do a
> proper job. The result being that the user *thinks* he/she has
> established
> a secure connection to the desired party, but in fact are connected to
> another site.
You'll never have a guarantee that a software (browser) hasn't been
compromised. It's impossible to protect software with software.
Regards Rene
--
-----------------------------------------------------------
Rene G. Eberhard
Mail : [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
