On Feb 16, 2014, at 8:45 AM, Jasper Kips <jasper@xxxxxxxxxxxxx> wrote: > Op 16 feb. 2014, om 05:26 heeft Tedd Sperling <tedd@xxxxxxxxxxxx> het volgende geschreven: > >> I also claim that s SSL Certificate has absolutely nothing to do with actual HTTPS communication between the Browser and the Server. For example, I can use HTTPS communication by simply placing a script in a HTTPS directory or using a .htaccess directing such -- all without a SSL Certificate. >> > As far as encryption goes, de HTTPS encryption is based on PKI. Therefore the server has two certificates, the private one, which should never be served, and the public one, which always is served. The certificate is used for the first part of the handshake for encryption. > > So, technically, you got it reversed. Although one goal of the certificate in HTTPS is identification, it is in itself not trustworthy, although lots of times it can be trustworthy. It is however needed to setup the encryption, between client and server in HTTPS. So, if you do not have a SSL Certificate then you cannot have HTTPS communication -- is that your claim? Cheers, tedd _______________ tedd sperling tedd@xxxxxxxxxxxx -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
