Announcing Droplets
Tyler Close
tyler@waterken.com
Wed, 29 Sep 1999 16:24:17 -0400
> If there is an adequate answer, then you are correct. If
> there isn't, then
> both of us were wrong.
I believe I am correct. The SSL spec says very clearly that:
One such encapsulated protocol, the SSL Handshake Protocol,
allows the server and client to authenticate each other and
to negotiate an encryption algorithm and cryptographic keys
before the application protocol transmits or receives its
first byte of data.
This seems pretty clear to me. If it wasn't so, then any
secure web site on the net could be spoofed.
Tyler