Michael G Schwern <[EMAIL PROTECTED]> writes:
>One thing to keep in mind is portability. In order for this to be useful
>it has to run on pretty much all platforms. Unix, Windows, VMS, etc...
>So I'm trying to keep it as simple as possible.
>
>
>On Wed, Feb 18, 2004 at 05:29:49PM +0000, Adrian Howard wrote:
>> - If this is going to be run by paranoid people everything would have
>> to be over https to prevent man-in-the-middle attacks on the code being
>> transported
>
>HTTPS might be overkill, we don't need to encrypt the communications, just
>identify the server. A simple thing to do would be for my server to have
>a public/private key pair.

How about layering it on ssh then? That has done all authentication stuff already.

>The clients ship with or they download my public
>key. Then later when they communicate they encrypt a little string with
>my public key, I decrypt it and send it back for verification. Simple.
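
The public-key challenge described in the quoted text, as an added Python sketch that is not code from this thread. The toy RSA key (two Mersenne primes, no padding) and the `Client`, `Server`, `handshake` and `demo` names are assumptions made up for the illustration.

```python
import hmac
import secrets

# Toy textbook RSA built from two well-known Mersenne primes (constructed key:
# far too small and unpadded for real use, it only makes the flow runnable).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known to the server only


class Server:
    """Holds the private key and answers challenges."""
    def __init__(self, private_exponent, modulus):
        self._d, self._n = private_exponent, modulus

    def answer(self, ciphertext):
        # Decrypt the challenge and send the plaintext back.
        return pow(ciphertext, self._d, self._n)


class Client:
    """Ships with (or has downloaded) the server's public key (E, N)."""
    def __init__(self, public_exponent, modulus):
        self._e, self._n = public_exponent, modulus
        self._nonce = None

    def new_challenge(self):
        # Fresh random string per connection, so an old answer cannot be
        # replayed; 0 and 1 are skipped because textbook RSA maps them to
        # themselves.
        self._nonce = 2 + secrets.randbelow(2**128 - 2)
        return pow(self._nonce, self._e, self._n)

    def verify(self, response):
        try:
            got = response.to_bytes(16, "big")
        except OverflowError:  # answer is not even a 128-bit value
            return False
        return hmac.compare_digest(self._nonce.to_bytes(16, "big"), got)


def handshake(client, server):
    return client.verify(server.answer(client.new_challenge()))


def demo():
    client = Client(E, N)
    genuine = Server(D, N)
    impostor = Server(D + 2, N)  # does not hold the real private exponent
    return handshake(client, genuine), handshake(client, impostor)
```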