[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


From: David Woolley
Subject: Re: lynx-dev FORCE_SSL_PROMPT:NO
Date: Sat, 26 Jul 2003 10:15:58 +0100 (BST)

> "echo QUIT | openssl s_client -connect whatever.invalid:443 > certfile"

This is only useful if the site is local and connected over a physically
secure network.  Otherwise you need mechanisms, that go beyond simply
providing a link, to ensure that you are actually getting the certificate
from the real site, e.g. you might look for a key signature in printed
literature, or phone them up to verify the key signature.

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]