Thanks Martin. Have updated the code to include the request signature (to prevent Man-In-Middle) and encrypted the client's random public key for good measure. I also included the KeyVerifier logic as final measure so client can verify server knows the same key. Not sure this explicit verify step is actually required, but can be returned in the reply, so not really expensive.

--William
William | Homepage | 01.28.05 - 11:09 am | #

Thanks for the update William. I will definitely use it, may be even next month. I will let you know what my impression is.
Martin Kulov | Homepage | 02.24.05 - 6:28 pm | #