> > Here's a simple thing: when your "agents" connect to the server, have
> > the server create a symmetric key (e.g., 3DES) and send it back to the
> > client.
> That isn't good example. First, there is one additional connection between
> server and client. Second, attacker could be get a key because in first
> connection it is going to client as plain text.
The original posting said the clients/agenets were going to connect with
SSL.
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
