This is a fair and accurate point, given probably the vast majority of bulletin board installations not using SSL. So the fat client would communicate with the centralized service with SSL, but then how would bulletin boards share the data with the centralized service? Over non-SSL? There are ways to ensure tampering does not occur, with having MAC'd datastreams, but even encryption of the datastreams means key management on top of whatever licensing scheme is used to allow communication between BB and server. It's cheaper to use SSL at that point.MarkTheDaemon wrote:In the vast majority of cases you'd be sending the details across unencrypted as well, isn't this a security issue?