RE: Client Authentication??

Al Shaver Tue, 25 Apr 2000 11:51:43 -0700
Brian,

*smacks forehead* Sorry about the confusion - and I 
admit I did reply before visiting the link in your
original post. Mea culpa. :-)

Regarding client's Digital IDs... you're right.
There's
no security there at all (based on my limited
understanding
of how they're issued and used). Even if a CA like
Verisign went to _extreme_ lengths to verify the 
identity of the person applying for the id (which they
don't), I don't know of any way to stop someone from
distributing their ID to others, or making the ID
non-functional on anyone else's system. 


--- Brian Snyder <[EMAIL PROTECTED]> wrote:
> Al and others,
> 
> Hi.  Thanx for your response. I realize that gives
> an extra level of
> security from the **SERVER** side. 
> What I am specifically referring to is the
> **client** authorization allowed
> with SSL3.0  If you look at the versisign link I
> pointed to below, it
> talks about this optional ability w/ ssl3.0, where
> the server can ask the
> client for HIS/HER certificate.  This is what I'm
> specifically
> curious about, because how would they define a
> client certificite where it
> couldn't be copied.  I suppose utilizing the same
> security as you have mentioned for server
> authentication, whereby the
> certificate is keyed to the computer in some way,
> though I couldn't 
> envision this working very well... what if a person
> uses multiple computer
> (work/home) then this method wouldn't work...
> 
> Any ideas?
> Thanx,
>    brian
> 
> > -----Original Message-----
> > From: Al Shaver [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, April 24, 2000 10:59 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Client Authentication??
> > 
> > 

[snip, snip]
 
> > Regards,
> > Al Shaver
> > [EMAIL PROTECTED]
> > 
> > --- Brian Snyder <[EMAIL PROTECTED]> wrote:
> > > 
> > > 
> > > I have  a quick question about client
> > > authentication. 
> > > 

[more snippage...]

> > > 
> > > TIA,
> > >   brian
> > > 
> > >  
> > > 
> > > 
> > 
> > > ATTACHMENT part 2 application/octet-stream
> > name=Brian Snyder.vcf
> > 
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Send online invitations with Yahoo! Invites.
> > http://invites.yahoo.com
> >
>
______________________________________________________________________
> > OpenSSL Project                                
> http://www.openssl.org
> > User Support Mailing List                   
> [EMAIL PROTECTED]
> > Automated List Manager                          
> [EMAIL PROTECTED]
> > 
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                   
> [EMAIL PROTECTED]
> Automated List Manager                          
> [EMAIL PROTECTED]
> 

__________________________________________________
Do You Yahoo!?
Send online invitations with Yahoo! Invites.
http://invites.yahoo.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
RE: Client Authentication??

Reply via email to
