On Monday 04 of October 2010 14:09:06 Sim IJskes - QCG wrote: > On 10/04/2010 01:54 PM, Michal Kleczek wrote: > >> This is why TLS is so important. With TLS you have authentication and > >> encryption in one solution. You can configure the level of encryption > >> and the mechnisms for authentication differently for each application. > >> > >> It provides you with an end-to-end solution, so you can use any insecure > >> path you like. > > > > So you meant TLS between the client and the service in your previous > > post? But how can the client communicate with the service before > > unmarshalling the service proxy? > > Before i can start unmarshalling, i need to load the class from the > classloader. This classloader connects to the code providing server. The > classloader and server handshake, and exchange certificates. If anything > is fishy, the connection is severed, and whe only have lost the few > bytes from the handshake.
Sure - I understand that. My point is actually that it requires trust relationship with the code server. In other words - for me to securely communicate with you we both have to trust a single third party (the code server). I don't want that - I just trust you but neither you nor I have the necessary infrastructure to have a trusted code server - can we still securely communicate using GMail as our code server?. Michal
