Brian,
*smacks forehead* Sorry about the confusion - and I
admit I did reply before visiting the link in your
original post. Mea culpa. :-)
Regarding client's Digital IDs... you're right.
There's
no security there at all (based on my limited
understanding
of how they're issued and used). Even if a CA like
Verisign went to _extreme_ lengths to verify the
identity of the person applying for the id (which they
don't), I don't know of any way to stop someone from
distributing their ID to others, or making the ID
non-functional on anyone else's system.
--- Brian Snyder <[EMAIL PROTECTED]> wrote:
> Al and others,
>
> Hi. Thanx for your response. I realize that gives
> an extra level of
> security from the **SERVER** side.
> What I am specifically referring to is the
> **client** authorization allowed
> with SSL3.0 If you look at the versisign link I
> pointed to below, it
> talks about this optional ability w/ ssl3.0, where
> the server can ask the
> client for HIS/HER certificate. This is what I'm
> specifically
> curious about, because how would they define a
> client certificite where it
> couldn't be copied. I suppose utilizing the same
> security as you have mentioned for server
> authentication, whereby the
> certificate is keyed to the computer in some way,
> though I couldn't
> envision this working very well... what if a person
> uses multiple computer
> (work/home) then this method wouldn't work...
>
> Any ideas?
> Thanx,
> brian
>
> > -----Original Message-----
> > From: Al Shaver [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, April 24, 2000 10:59 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Client Authentication??
> >
> >
[snip, snip]
> > Regards,
> > Al Shaver
> > [EMAIL PROTECTED]
> >
> > --- Brian Snyder <[EMAIL PROTECTED]> wrote:
> > >
> > >
> > > I have a quick question about client
> > > authentication.
> > >
[more snippage...]
> > >
> > > TIA,
> > > brian
> > >
> > >
> > >
> > >
> >
> > > ATTACHMENT part 2 application/octet-stream
> > name=Brian Snyder.vcf
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Send online invitations with Yahoo! Invites.
> > http://invites.yahoo.com
> >
>
______________________________________________________________________
> > OpenSSL Project
> http://www.openssl.org
> > User Support Mailing List
> [EMAIL PROTECTED]
> > Automated List Manager
> [EMAIL PROTECTED]
> >
>
______________________________________________________________________
> OpenSSL Project
> http://www.openssl.org
> User Support Mailing List
> [EMAIL PROTECTED]
> Automated List Manager
> [EMAIL PROTECTED]
>
__________________________________________________
Do You Yahoo!?
Send online invitations with Yahoo! Invites.
http://invites.yahoo.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]