Allowing the null encryption algorithm in the browser would enable it for other later negotiations, which seems an unnecessary exposure to suppress the encryption for a single small https exchange. But it would certainly be possible.
On Mon, Jul 7, 2008 at 9:44 PM, <[EMAIL PROTECTED]> wrote:
> On Mon, 7 Jul 2008, Martin Langhoff wrote:
>
> > On Mon, Jul 7, 2008 at 7:20 PM, Carol Lerche <[EMAIL PROTECTED]> wrote:
>>
>>> Why does automatic authentication require a custom browser? Client
>>> certificates work well for this function in ordinary web applications
>>> (assuming a properly configured server).
>>>
>>
>> I haven't delved into this deeply yet, but I suspect that, while I am
>> fond of client certs, they won't work - SSL network and CPU overhead
>> and sidestepping PKI madness for server certs. More on this when I get
>> to implement it.
>>
>
> what about using client certs, but then null encryption after that? it's a
> non-standard config, but that's just a config option, not code changes.
>
> David Lang
>
>
> Now, anyone who wants to have a strong say on how I am developing this
>> is free to start implementing it ahead of me, and showing me some
>> fantastic patches :-)
>>
>> cheers,
>>
>>
>>
>> m
>>
>>

--
Frisbeetarianism is the belief that when you die, your soul goes up on the roof and gets stuck -- George Carlin
_______________________________________________
Sugar mailing list
Sugar@lists.laptop.org
http://lists.laptop.org/listinfo/sugar