[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Re: Cookies at XML Europe 2004 -- Call for Participation
> Very true, although eventually those certificates will expire, and then > you need a new browser, in which case I've got you. No, because the old CA can sign a new CA certificate. If I have that, and I have the new self-signed certificate, I have a trust path. Or the old CA can just sign something that says "key nnnnnn is the new public key of this CA." As for 2617, I dislike the dictionary attack, especially since it uses weak user-chosen passwords which are historically easy to guess. Other than that, I agree it's pretty good if anyone used it. But given SSL, I don't see a compelling need for it; do you? /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|