Future of KSSL
kostko at jweb-network.net
Fri Nov 17 19:05:49 GMT 2006
> This is not the right place to debate how to implement SSL, but
> you must know that SSL is as much about the policy decisions as it is
> about the cipher. Simply dropping a scramble over the wire without
> having proper certificate validation is good for fooling only most
> primitive of those who might want to observe traffic. It gains
> almost nothing in terms of security.
No doubt about it, but currently there is no alternative - KSSL does not work
properly and the users need basic SSL support in version 0.8.0.
After this release and after porting to KDE4/Qt4 security concerns can be
addressed (in KDE4 KSSL will hopefully be fixed so I can use that again with
all the certificate storage and validation you have there), but currently
there is no such choice.
More information about the kde-core-devel