SSL/TLS - am I doing it right?

S

Sybren Stuvel

Paul Rubin enlightened us with:
The client cert approach isn't strictly necessary but it means that
the SSL stack takes care of stuff that your application would
otherwise have to take care of at both the client and the server
side.
Click to expand...

Indeed. I always try to take the route of the least wheels I have to
invent. If a group of security specialists have already looked at such
a mechanism, why should I reinvent another?
If you don't generate a certificate, you have to generate a username
and password instead, and manage that. There's still secret
authenticating info on the client, so you haven't really decreased
the client's responsibility.
Click to expand...

And on top of that, using passwords the secret information is sent
over the network.

Sybren
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

String modifying error, trying to delete data in string 2
listening socket 3
socket data sending problem 2
File transfer on network 5
Socket error 98 "Address already in use" 5
socket.error: [Errno 98] Address already in use 15
Error when executing the library reference echo server example 1
socket.makefile() buggy? 7

Members online

No members online now.
Total: 720 (members: 1, guests: 719)
Robots: 129

Forum statistics

Threads
474,290
Messages
2,571,452
Members
48,129
Latest member
DianneCarn

Latest Threads

Top