On Tuesday 10 February 2009 14:52:05 Kurt Zeilenga wrote: > While the DIGEST-MD5 provides for a (limited) form of mutual > authentication, DIGEST-MD5 offers no assurance to either the client or > the party that the end points of the DIGEST-MD5 exchange are the same > as the end-points of the TLS exchange.
You mean if you don't verify the TLS certificate? -Justin
