"Drinkwater, GJ (Glen)" wrote:
> 
> Hi
> 
> Let me reply to a few of the emails.
> 
> >>The problem is your own encryption isn't signed by a third party, which
> >>means if someone hacks into your server, they could compromise the
> >>security.
> 
> Wouldn't this still be a problem if my public key was signed by a CA??
> Isn't the cert. for the client to verify who I am, this would not affect the
> SSL encryption??????
> 

For more details on SSL, here's the spec.
http://wp.netscape.com/eng/ssl3/draft302.txt

Remember that using SSL includes a lot more than just encrypting data. It
includes establishing a secure session, cert management and other
processes.  In theory, if a hacker compromises your server they can
break both a custom encryption and SSL. But breaking SSL is harder than
just decompiling Java code to see which algo/padding/key scheme you are
using. Whereas breaking SSL would require much more work.

In reality, a hacker would more likely break into your database than
mess with decompiling your code. Casual hackers will be discouraged by
SSL. Hardcore hackers are hard to protect against. Good luck with
whatever you choose.


peter
