27 Sep
2003
27 Sep
'03
8:36 a.m.
On Sat, 27 Sep 2003, Barry K. Nathan wrote: [...]
Besides, SSL provides real security. For instance, the fact that SSL is enabled by default was a good defense against this hole: https://rhn.redhat.com/errata/RHSA-2003-255.html
Note that SSL is just a tool. It depends heavily either on Certificate Authorities to do their job properly, or "opportunistic" self-signed certificate exchange working. It gives close to zero protection if you connect to a HTTPS site X for the first time, and you don't have any reference to the certificate the site X is using.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings