Jonathan Dickinson wrote:
> And my hard-laboured formatting got messed up. :)
> Initiator opens connection
> Target gets connection and presents certificate
> Initiator verifies certificate with IC -> Fail if invalid
> Initiator presents certificate
> Target verifies certificate -> Fail if invalid
> Success
>
> The point is, from what I can tell, TLS supports all of that.

Yes, but the question is how to verify a certificate from someone you do not know which is not signed by a CA. Or am I missing something in your argumentation?

Dirk

--
A bad random number generator: 1, 1, 1, 1, 1, 4.33e+67, 1, 1, 1...
