"Trevor Talbot" <[EMAIL PROTECTED]> writes: > There's a fundamental problem that you can't make someone else do > authentication if they don't want to, and that's exactly the situation > clients are in. I don't see how this can possibly be fixed anywhere > other than the client.
The point of requiring authentication from the server side is that it will get people to configure their client code properly. Then if a MITM attack is subsequently attempted, the client code will detect it. It's true that this doesn't offer much defense in the case where a new user is getting set up and a MITM attack is already active. But a user who blindly trusts a server that he's never connected to before is open to all sorts of attacks, starting for instance with mistyping the host name. The fact that this approach doesn't (by itself) solve that problem doesn't make it useless. Also, getting people in the habit of setting up for mutual authentication does have value in that scenario too; it makes the new user perhaps a bit more likely to distrust a server that isn't presenting the right certificate. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster