>
> I still don't follow. For example, if Bob has a cert with his name,
> public key, some encrypted private data, and the CA signature. When
> Bob sends his cert to a server to make an SSL connection, his cert might
> be intercepted by John. And then, John could use the same cert to fake
> as Bob
Hi,
Last time I checked it sends the results as your auth cert.. You do
need to enter a passphrase or cache it to produce the unique result that
is shuttled to the server. This is the means used to verify you are who
you say you are.. what you have, and what you know.. hmmm...
which means th
>
> From my understanding, the client cert is transmitted in clear.
> When server receives the client cert, server verifies the client
> cert using a CA (or chained CAs), like verifying the date, signature,
> etc. The question I have is that whoever could intercept the client
> cert could fake
Yunhong Li wrote:
>
> From my understanding, the client cert is transmitted in clear.
> When server receives the client cert, server verifies the client
> cert using a CA (or chained CAs), like verifying the date, signature,
> etc. The question I have is that whoever could intercept the client
From my understanding, the client cert is transmitted in clear.
When server receives the client cert, server verifies the client
cert using a CA (or chained CAs), like verifying the date, signature,
etc. The question I have is that whoever could intercept the client
cert could fake the client.