Replacing - A really bad idea

2010-03-12 Thread Anders Rundgren
Why is replacing the 15 year old Netscape hack suddenly a bad idea? Because you cannot create a secure provisioning system without having some kind of [by the issuer recognizably] predefined key in the token. With such a key, the token would be able to attest generated keys, import data using M

Re: TLS logout in Firefox

2010-03-12 Thread Anders Rundgren
Nelson B Bolyard wrote: A server that logs you out and doesn't clear your TLS session from its server session cache is a badly designed server. That's not a fundamental flaw in TLS or in browsers, and could also happen with cookies or any other scheme for caching session information. So don't

Re: TLS logout in Firefox

2010-03-12 Thread Nelson B Bolyard
On 2010/03/11 09:37 PST, Robert Relyea wrote:
> On 03/11/2010 05:59 AM, Anders Rundgren wrote:
>> Hi,
>> I can't help it, but TLS client cert auth is really a very crappy system
>> when used in browsers.

Anders, you've expressed that opinion before in this forum many times. You're entitled to th