On Sat, 27 Sep 2003, Barry K. Nathan wrote: [...] > Besides, SSL provides real security. For instance, the fact that SSL is > enabled by default was a good defense against this hole: > https://rhn.redhat.com/errata/RHSA-2003-255.html Note that SSL is just a tool. It depends heavily either on Certificate Authorities to do their job properly, or "opportunistic" self-signed certificate exchange working. It gives close to zero protection if you connect to a HTTPS site X for the first time, and you don't have any reference to the certificate the site X is using. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
