[OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?

[John Smith]

2009/12/26 Lars Francke <lars.francke at gmail.com>:
> Hmmm one of us doesn't understand OAuth or we have a different
> understanding of what _mutual cryptographic authentication_ is.

As others have said, without SSL it can still be brute forced so
that's not exactly what I was thinking.

SSL can use client and server certificates and they can authenticate
against each other.