[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]
Thor Simon tls@coyotepoint.com
Tue, 2 Nov 2010 01:25:48 GMT
On Mon, Nov 01, 2010 at 11:41:26PM +0000, Bryan Stansell wrote: > > Well, if you provide the certificate, it needs to succeed it's > authenticity check. If you don't provide one at all, it falls back to > an anonymous cipher (so, it's encrypted, but not authenticated and > subject to man-in-the-middle). But anyone can man-in-the-middle the client by pretending to be a server with no certificate, no? Thor