On Thu, 31 Jan 2008 03:04, [EMAIL PROTECTED] said:

> If you want a "public" example of client certificate usage:
> https://secure.cacert.org/
> (You need a (free) client certificate from www.CAcert.org to be able to 
> access 

Which has the problem that you may use any certifcate you ever created
wit cacert.org to log in.  Even certificates created for demo purposes
with published private keys.  That was the case up until a year ago; I
don't know whether this has been changed.  I was a bit surprised about
such a security flaw.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to