On Fri, Feb 13, 2009 at 7:07 AM, Carol Farlow Lerche <c...@msbit.com> wrote: > Martin, I want to understand what https traffic you are concerned will > affect performance and caching. As far as I understand the need for https, > it would only be used infrequently, when reauthenticating to the server. > I.e..:
What you describe was the plan B in my earlier postings. It first does crypto, and then falls back to a totally MITM'able cleartext cookie. So the crypto is just a lot of programming work for a tiny gain. >From a security standpoint, we either do https with client side cert, or we relax and use plaintext cookies. cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff _______________________________________________ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel