--- "James A. Donald" <[EMAIL PROTECTED]> wrote:
> --
> On 12 Jun 2003 at 16:25, Steve Schear wrote:
> http://www.acros.si/papers/session_fixation.pdf
>
> Wow.
>
> This flaw is massive, and the biggest villain is the server
> side code created for Apache.

You really lack some fundamental understanding. https uses a secure private link to create a private http session. It has NOTHING to do with authentication nor identity.

For example, when you first log in to, say, Yahoo [for email] you're on https. Even before Yahoo knows who you are. Think of a verbal handshake in the "Get Smart" cone of silence.

The fact that people randomly give away *their* secrets doesn't mean the system is flawed. It means the people are ignorant.

Tom

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]