On Sat, Feb 25, 2012 at 4:54 PM, Marsh Ray <[email protected]> wrote: >... > Still it might be worth pointing that if Wells Fargo really wanted to forbid > a Trustwave network-level MitM, SSL/TLS provides the capability to enforce > that policy at the protocol level. They could configure their web app to > require a client cert (either installed in the browser or from a smart > card).
many years ago at $my_old_telco_employer they supported web based call monitoring. they required a client side cert purchased from verisign specifically for the purpose. we had pages of documentation detailing how to generate the request, and add the cert into your browser. this was the first and only time i had ever used client certificates from a CA vendor in such a manner. mutual authentication... what a concept. is it really that rare? _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
