> PS. If it is possible to safely add extra fields to a client certificate, then
> is it also possible with SSL3 or TLS to only allow those client
> certificates to be submitted in an encrypted manner, to an SSL
> server, after the client application first validates the server
> certificate? That way, the client's certificate can contain private
> data in its fields that only trusted servers are allowed to see.
> (This method would be very useful for decentralized databasing.)

Investigate Thawte's Extranet CA solution (www.thawte.com). They
create custom fields in the X509 certificate that are extracted by an
Apache module and used like Basic auth. This is basically what you are
asking about.
Steve
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]