On 01/30/2009 02:31 PM, Denis McCarthy:
Actually, one other thing. While I agree with you on the thin clients issue, many of our applications use their own PC's to run our application (they have other applications they use on their PC besides ours)
Typically server certificates are issued to servers, not clients. Perhaps if your applications behave like servers, they should use a server certificate, if your applications need to authenticate to a different server then they should use client certificates. Both of them don't have to be bound to a person (individual) per se. Many low-assurance certificates are exactly that.
Now, when installing a certificate in Windows platforms you've got the possibility to choose the computer account (with the right access rights). You can install all kinds of certificates to the computer account. Making the authentication call is of course a different story. Windows has for example smart card logon, which is again bound to a user, not machine. Having the machine authenticate might be also possible with AD and DC.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
