In .NET 3.5, CardSpace supports sending security tokens to websites that don't have an SSL certificate. This is for websites like personal blogs or other low-risk applications where using SSL might be overkill. In this example, Kim shows how to add support for Information Cards to a website in about 30 lines of code.
Let’s face it. Getting a certificate, setting up a dedicated external IP address, and configuring your web server to use https is non-trivial for the average person. Nor does it make much sense to require certificates for personal web sites with no actual monetary or hacker value. I would even say that without proper security analysis, vetting of software and rigorous operating procedures, SSL isn’t even likey to offer much protection against common attacks. We need to evolve our whole digital framework towards better security practices, not just mandate certificates and think we’re done.
Posted
Nov 29 2007, 09:49 AM
by
keith-brown