Hi Michael,
        I think I understand what you mean :). If my answer doesn't make any sense
then I've obviously missed your point, so please explain it further.

When I said "we can't have our clients" I meant the people who buy the
software, although throughout the rest of that (and this) email when I say
"client" I meant the client side of the network layer I'm writing.

Now then, with that bit out of the way... I'm not authenticating the client
in any way. Well at least not in the sense that I require the client to have
a cert installed. I'll try and write a little workflow table in ASCII:

Client                  Server
-----------------------------------------------------
                                Create self-signed cert
Connect
                                Accept
SSL Handshake
                                SSL Handshake
Get serv cert
Validate cert fields
Start talking
                                Blah Blah
SSL Shutdown
                                SSL Shutdown
Connection Shutdown
                                Connection shutdown


This is what I'd like to do. I don't mind not being able to tell who is on
the other side for sure, I only require encryption and not authentication.
(Not secure authentication at least.) The client will never have a cert.

I don't take care of the "talking" bit. I just make sure they get a secure
channel and can exchange messages through whatever network protocols are
available. It's someone else's trouble to implement the protocol(s) that
will run over this.

This is kind of like HTTPS with no client cert but here the server makes its
own cert instead of requiring the installation of a cert.

Marco Cunha

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Michael Stroder
Sent: Thursday, 11 January 2001 10:53
To: [EMAIL PROTECTED]
Subject: Re: On-the-fly self generated certs for network application

[cut]

There's no authorization without proper authentication.

Ciao, Michael.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
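
The "Validate cert fields" step of the workflow above, as an added example that is not part of the original e-mail: it creates two self-signed certs with identical subject fields and shows that a field comparison accepts both, while a comparison of SHA-256 fingerprints accepts only the server's own cert. The subject string, file names and the fingerprint check are assumptions of the example, and it needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example; subject, file names and the pinning check are constructed.
set -eu

SUBJ="/O=Example App/CN=netlayer.example"   # hypothetical cert fields

# Server: create a throwaway key and self-signed cert at start-up.
make_cert() {   # $1 = output path prefix
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$SUBJ" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Client check A: the subject fields carried inside the cert.
subject_of() { openssl x509 -in "$1" -noout -subject; }

# Client check B: SHA-256 over the whole cert, which covers the public key.
fingerprint_of() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

fields_match() { [ "$(subject_of "$1")" = "$(subject_of "$2")" ]; }
pin_match()    { [ "$(fingerprint_of "$1")" = "$(fingerprint_of "$2")" ]; }

verdict() { if "$@"; then echo accept; else echo reject; fi; }

demo() {
    dir=$(mktemp -d)
    make_cert "$dir/server"    # the cert the real server generated
    make_cert "$dir/other"     # same fields, different key pair
    echo "field check, other cert : $(verdict fields_match "$dir/server.crt" "$dir/other.crt")"
    echo "pin check, other cert   : $(verdict pin_match "$dir/server.crt" "$dir/other.crt")"
    echo "pin check, server cert  : $(verdict pin_match "$dir/server.crt" "$dir/server.crt")"
    rm -rf "$dir"
}

demo
```

How the client would learn the expected fingerprint is outside what the e-mail describes.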