-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Martin,
On 4/8/13 8:25 PM, Martin Gainty wrote: > Identification of keys and supported ciphers are an important for > Key Exchange But before that happensThe certificates attributes are > the only means the CA-Authority can verify the the name in the > cert The certificate attributes should contain 1)1 and only 1 > Hostname to contact 2)Identification information from a DN in LDAP > or a suitably unique Name Service Server (ADS)allowing verification > of client to a 'Name > Service'http://docs.oracle.com/cd/E19575-01/820-3885/gimog/index.html > > Allowing your cert to authenticate to n hosts invites 2n as many > potential DOS attacks Not requiring DN would negate the > CA-Authority ability to verify DN CN == SSL-Host. Think of online > banking and clients need to circumvent forged sites as 'The > official bank site' to send your money If you are FE with Apache > you will want to configure in mod-sslhttp://www.modssl.org/ Yes, you definitely want to make sure to download and install mod_ssl into your your Apache 1.3 install on your Windows NT 3.5 server. All of your Netscape clients will be able to access full 48-bit export encryption over a modern HTTP 0.9 connection. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJRY2bEAAoJEBzwKT+lPKRYlrEQAK9dKWMMdXDNJSb3zfHDyV5t umGfZ7JxtvClHHyBrkSIfRgnFrbnlSvYJTXC5gKP5maC9cMI9WHilIURAv/59CIs PPaV/SUPRVjHpN2HfAe6U6qN0JvqC4yKzZGwBLr5vy+KIQf5y/AkzovRLs1yVwY8 RWI4CvIUpGlT59OG+keGgTAQN2nzszIuo8kZFCw7Dl/ZK99T6HBi/NnfTNo8CX+k ACgWv4FphJO9OUfautfF2RuoZbcXOTy+DnO1Nxpa2Qew3ne6CC2CDK0+15LBK771 Pxze5rGFAGMO7M0Q/MXKHVntolpUPH5vz/1ca1qC16IO4kKjR/zkTTCAq//T3ITM 6O4Fa7r0JmDKif+I9to1CexLK8h8Bcqa7htMOAbOg9og+9kX9Xm1LKpywgsoU5Gy bfyF9jsg0VIVGZP3wXPEf2c33sUQpQ8q1Y1objefxujRWOcIvm47qjvlWVkec/Da Bn3TnmtQNPkKovp7vnwIZBeyNCkaFH803sM+x4U4exjHuykEMDLzoIhZ1+RVBkch T9Xryu1NRXPUVIxbtKgBK8upbFq0sK02aD2HEHOkszCeEHRChKimTMQyO/vvagMH Yj/vogJHEsOKpR/K6AAIxzbeEntBXmeS1EMq0XB6o0IgWM0kYlzEfJ5KBCRdnpcE He1BfzyLSJmSXp4mAZh4 =xk8T -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
