Michael Ströder email@example.com wrote:
You shouldn't use SSL in such a insecure way.
I don't use SSL for anything but encryption. Secure server identity is handled by my DNS setup. I guess if my hosting company wanted to attack me, I'd be in trouble.
The rest of your advice, while sound for testing, doesn't really address my original question.
Your affirmation of best-practices is, of course, to be expected on this list and indeed in the AAA community at larger. I don't operate under the assumption that explanation is endorsement. I'm aware of the danger that I'm getting into. I wouldn't use this mechanism for authenticating across offices, for example.