On Tue, 30 Sep 2008 17:03:07 EDT, Eliah Kagan said: > Once the three-way handshake is complete, the client is in the > server's house, and may go into any room (this is application-layer > now) not forbidden by a security mechanism or law of the land. One > would be hard pressed to argue that an authentication system without a > password set is a security mechanism.
Actually, once the three-way handshake is complete, the situation is more like "the client is talking to the server at the front door or on the telephone, and has *not* been specifically invited into the interior of the house".
pgpV3e5zD9bPn.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
