[ntp:questions] Re: 4.2.1-RC

Steve Kostecke kostecke at ntp.isc.org
Tue Mar 28 13:37:14 UTC 2006


On 2006-03-27, David Woolley <david at djwhome.demon.co.uk> wrote:

> Using SSL will give people a false sense of security

Using SSL keeps clear-text passwords off the wire.

> and possibly cause them to use passwords that are used for other
> purposes that are more sensitive

That's their choice.

> (I doubt many people use a different password for every site,

That's their choice.

> The only purpose of your certificate is to trick the web server into
> offering an unauthenticated connection, against its better judgement,
> and probably against that of the browser.

In our application the purpose of SSL is to keep clear-text passwords
off the wire.

> If you still want to offer null authentication,

Who said anything about offering authentication?

-- 
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/




More information about the questions mailing list