Arno Garrels wrote:
> If clients may connect from dynamic IP addresses a certificate
> can neither be issued to an IP nor to a DNS name, hence rather
> useless. In such case a good password is as secure as a client
> certificate that i.e. has some ID in its common name field.

Not quite correct since a client certificate might be safer since
the server will check client certificate's issuer. However a client
certificate including its key can be stolen or given to some
non-authorized third party.

> And if both clients and server are under your control it is
> not required to buy a certificate, just create your own CA
> and certificates (server and client if you like).

And if you prefer GUI over command line tools have a look at
XCA (sourceforge.net) to manage your own CA.

--
Arno Garrels
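
The two points in the message above (create your own CA, and the server checks the client certificate's issuer), sketched with the openssl command line as an added example that is not part of the original message. The names "Demo CA" and "client-42", the file names and the function names are made up for the illustration.

```sh
#!/bin/sh
# Constructed demo: "Demo CA", "client-42" and all file names are made up.

# Build a private CA, a client cert it signs, and an impostor cert that is
# self-signed but carries the same common name. Files go into directory $1.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=client-42" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/client.csr" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/client.crt" 2>/dev/null || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=client-42" \
        -keyout "$dir/fake.key" -out "$dir/fake.crt" 2>/dev/null || return 1
}

# Print the subject of certificate $1.
cert_subject() {
    openssl x509 -noout -subject -in "$1"
}

# Issuer check: succeeds only if certificate $2 chains to the CA in $1.
issued_by_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d) || exit 1
make_demo_pki "$demo_dir" || { echo "openssl failed" >&2; exit 1; }
for name in client fake; do
    if issued_by_ca "$demo_dir/ca.crt" "$demo_dir/$name.crt"; then
        verdict=accepted
    else
        verdict=rejected
    fi
    echo "$name.crt [$(cert_subject "$demo_dir/$name.crt")]: $verdict"
done
rm -rf "$demo_dir"
```

Both certificates carry the same common name, and only the one signed by the private CA passes; the check says nothing about who holds client.key, which is the stolen-key caveat in the reply.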