--
On 3 Jun 2003 at 15:04, James A. Donald wrote:
> I never figured out how to use a certificate to authenticate
> a client to a web server, how to make a web form available to
> one client and not another. Where do I start?
>
> What I and everyone else does is use a shared secret, a
> password stored on the server, whereby the otherwise
> anonymous client gets authenticated, then gets an ephemeral
> cookie identifying him. I cannot seem to find any how-tos
> or examples for anything better, whether for IIS or Apache.
>
> As a result we each have a large number of shared secret
> passwords, whereby we each log into a large number of
> webservers. Was this what the people who created this
> protocol intended?

Or to say the same thing in different words -- why can't HTTPS
be more like SSH? Why are we seeing a snow storm of scam
mails trying to get us to log in to e-g0ld.com?

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
QtiFX0Q654gHh54NAMlLGE1FGDveixyzL0ZnAOVS
4hprBkT1zeYk/HdBOXiquwvz5vLUwF/21wW1Jf411