Announcing Droplets

Ben Laurie ben@algroup.co.uk
Thu, 30 Sep 1999 13:08:20 +0100


"Mark S. Miller" wrote:
> 
> Another possible problem droplets may have, depending on how the https handshake works.  Let's say the authentication of fudco.com is fine, for some some adequate meaning of fine, when you dereference
> 
>      https://www.fudco.com/blah.html
> 
> The question: Might the handshake reveal the full URL to an outside observer, or to an alleged fudco that fails to authenticate?  If so, then in your scheme a thief can steal the swiss number.

No HTTP data is exchanged until the certificate has been authenticated.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi