Arshad Noor wrote:
>
>   My understanding of the TLS protocol is that the browser only sends
>   the certificates signed by CAs that the server trusts; are you saying
>   that the protocol allows for asking ANY certificate from the browser
>   cert-store, regardless of who signed it?
>   
Yes, one can configure a web server to accept ANY certificate for client 
auth.

-- 
Regards 
 
Signer:         Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:         [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog:   Join the Revolution! <http://blog.startcom.org>
Phone:          +1.213.341.0390
 

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
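
The server-side setting described in the reply above, as an added illustration (not code from this thread or its participants): Go's standard crypto/tls exposes both behaviours as ClientAuth policies, shown here against a loopback test server. The self-signed client certificate is constructed sample data, and the names AcceptAny, VerifyChain, selfSigned and Handshake are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

const AcceptAny, VerifyChain = tls.RequireAnyClientCert, tls.RequireAndVerifyClientCert // policies compared

// selfSigned builds a throwaway self-signed client certificate (constructed sample data).
func selfSigned() tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"client.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// Handshake sends one HTTPS request with that certificate to a loopback test server and
// returns how many client certificates the server saw and how many chains it verified.
func Handshake(policy tls.ClientAuthType) (peerCerts, verifiedChains int, err error) {
	seen := make(chan [2]int, 1)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		seen <- [2]int{len(r.TLS.PeerCertificates), len(r.TLS.VerifiedChains)}
	}))
	// The empty pool stands in for a trusted-CA list that lacks the client's issuer.
	srv.TLS = &tls.Config{ClientAuth: policy, ClientCAs: x509.NewCertPool()}
	srv.StartTLS()
	defer srv.Close()
	client := srv.Client() // already trusts the test server's certificate
	client.Transport.(*http.Transport).TLSClientConfig.Certificates = []tls.Certificate{selfSigned()}
	resp, err := client.Get(srv.URL)
	if err != nil {
		return 0, 0, err // under VerifyChain the server aborts the handshake
	}
	resp.Body.Close()
	got := <-seen
	return got[0], got[1], nil
}

func main() {
	fmt.Println(Handshake(AcceptAny))   // certificate accepted, no chain verified
	fmt.Println(Handshake(VerifyChain)) // unknown issuer is rejected
}
```

Under the accept-any policy the server receives the certificate but builds no verified chain, so the application has to authenticate the certificate itself before trusting the identity in it.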
