> Ouch. So if the certificate fails then the user can just use an
> easily obtained ID and password combination? Security controls should
> be in serial not parallel. In parallel the weakest link allows the
> other secure links to be bypassed. I would argue against this as it
> breaks security best practices.
> *Not* what I want with a VPN solution.
Different sites have different needs.
Dr George D M Ross, School of Informatics, University of Edinburgh
Kings Buildings, Mayfield Road, Edinburgh, Scotland, EH9 3JZ
Mail: gdmr@xxxxxxxxxxxx Voice: +44 131 650 5147 Fax: +44 131 667 7209
PGP: 1024D/AD758CC5 B91E D430 1E0D 5883 EF6A 426C B676 5C2B AD75 8CC5
Description: PGP signature