(another) WebKit port of Browse
cafl at msbit.com
Tue Jul 8 01:03:46 EDT 2008
Allowing the null encryption algorithm in the browser would enable it for
other later negotiations, which seems an unnecessary exposure to suppress
the encryption for a single small https exchange. But it would certainly be
On Mon, Jul 7, 2008 at 9:44 PM, <david at lang.hm> wrote:
> On Mon, 7 Jul 2008, Martin Langhoff wrote:
> On Mon, Jul 7, 2008 at 7:20 PM, Carol Lerche <cafl at msbit.com> wrote:
>>> Why does automatic authentication require a custom browser? Client
>>> certificates work well for this function in ordinary web applications
>>> (assuming a properly configured server).
>> I haven't delved into this deeply yet, but I suspect that, while I am
>> fond of client certs, they won't work - SSL network and CPU overhead
>> and sidestepping PKI madness for server certs. More on this when I get
>> to implement it.
> what about using client certs, but then null encryption after that? it's a
> non-standard config, but that's just a config option, not code changes.
> David Lang
> Now, anyone who wants to have a strong say on how I am developing this
>> is free to start implementing it ahead of me, and showing me some
>> fantastic patches :-)
Frisbeetarianism is the belief that when you die, your soul goes up on the
roof and gets stuck -- George Carlin
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Devel