> OK, I'm going to take a humourous punch at what you just said; if > authentication and authorization are the same thing, why are both > required? Isn't one enough? Please make up your mind...
If A and B are the same thing, either neither is required or both are required. Everything true about one must be true about the other. But what I'm really trying to say is that to get any of the guarantees HTTPS is intended to provide, you need both. So they are the same thing in the sense that one without the other is no better than neither. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
