[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: insecure, convenient use of SSL

To: "Michael StrÃder" <michael@stroeder.com>
Subject: Re: insecure, convenient use of SSL
From: "Jason Dusek" <jason.dusek@gmail.com>
Date: Fri, 11 Apr 2008 13:55:45 -0700
Cc: openldap-software@openldap.org
Content-disposition: inline
In-reply-to: <47FF2E5A.2040401@stroeder.com>
References: <42784f260804071743v5fc1468aw5035467df632879d@mail.gmail.com> <42784f260804101642k756f7b3fw564af38b3339fe2@mail.gmail.com> <47FF2E5A.2040401@stroeder.com>

Michael StrÃder <michael@stroeder.com> wrote:
> You shouldn't use SSL in such a insecure way.

  I don't use SSL for anything but encryption. Secure server
  identity is handled by my DNS setup. I guess if my hosting
  company wanted to attack me, I'd be in trouble.

  The rest of your advice, while sound for testing, doesn't
  really address my original question.

  Your affirmation of best-practices is, of course, to be
  expected on this list and indeed in the AAA community at
  larger. I don't operate under the assumption that explanation
  is endorsement. I'm aware of the danger that I'm getting into.
  I wouldn't use this mechanism for authenticating across
  offices, for example.

-- 
_jsn

Follow-Ups:
- Re: insecure, convenient use of SSL
  - From: Michael StrÃder <michael@stroeder.com>

References:
- insecure, convenient use of SSL
  - From: "Jason Dusek" <jason.dusek@gmail.com>
- Re: insecure, convenient use of SSL
  - From: Michael StrÃder <michael@stroeder.com>

Prev by Date: Re: error while adding entry using ldap.jar JAVA API
Next by Date: Re: error while adding entry using ldap.jar JAVA API
Index(es):
- Chronological
- Thread