Allowing the null encryption algorithm in the browser would enable it for other later negotiations, which seems an unnecessary exposure to suppress the encryption for a single small https exchange. But it would certainly be possible.<br>
<br><div class="gmail_quote">On Mon, Jul 7, 2008 at 9:44 PM, <<a href="mailto:david@lang.hm">david@lang.hm</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Mon, 7 Jul 2008, Martin Langhoff wrote:<br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Mon, Jul 7, 2008 at 7:20 PM, Carol Lerche <<a href="mailto:cafl@msbit.com" target="_blank">cafl@msbit.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Why does automatic authentication require a custom browser? Client<br>
certificates work well for this function in ordinary web applications<br>
(assuming a properly configured server).<br>
</blockquote>
<br>
I haven't delved into this deeply yet, but I suspect that, while I am<br>
fond of client certs, they won't work - SSL network and CPU overhead<br>
and sidestepping PKI madness for server certs. More on this when I get<br>
to implement it.<br>
</blockquote>
<br></div>
what about using client certs, but then null encryption after that? it's a non-standard config, but that's just a config option, not code changes.<br>
<br>
David Lang<div><div></div><div class="Wj3C7c"><br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Now, anyone who wants to have a strong say on how I am developing this<br>
is free to start implementing it ahead of me, and showing me some<br>
fantastic patches :-)<br>
<br>
cheers,<br>
<br>
<br>
<br>
m<br>
<br>
</blockquote>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Frisbeetarianism is the belief that when you die, your soul goes up on the roof and gets stuck -- George Carlin