24 Aug
2009
24 Aug
'09
5:30 a.m.
Howard Chu hyc@symas.com wrote:
But certificates are not a required element for encryption of a connection - after all, TLS also supports anonymous Diffie-Hellman key exchange.
Sure, but encryption without authentication makes little sense, as you don't know who you are securely speaking to: you can get an encrypted link to a man in the middle.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org