On Wed, June 22, 2005 3:27 pm, bruce said: > rene.. > > you've grapsed the problem/issue, as have most. all i said was that i've > started to think about the issue of security as also meaning i have to > start > thinking about the client. just as users have had to start to think about > 'is the site i'm looking at, really the site i want/should be looking at?' It's remotely possible that you could get an RFC going about software installation generating an SSL certificate on the client, tied to the client's hardware signature[s]/ID[s], digitally signed by the software installation only if the MD5 hash of the software matched an expected value, and... No, still too easy to hack, if the Bad Guy can change out the binary of the browser in the first place. I think everybody here is thinking about what you are saying, and they're all saying "It won't work" So you can either be the next Einstein and prove them wrong, or it really won't work. Take your pick. At any rate, it's not a PHP question, and you should probably take it to a Security RFC type of forum, please. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php