to add some words:
- you can generally do whatever yoou want "inside" your private network.
(you however need to check that you're not doing anything against
people inside this net).
- legal restriction depend on countries. As Michael said, authentication
is generally accepted without problems, but common use of https/ssl/
tls and so is to encrypt not only the authentication data but all the rest,
and this is subject to legal things.
- now, if you use "commonly" available products, you generally have
no problems as vendors have probably done everything to make'em
legally usable. if no, they are certainly legla but provide no security!
so it's not a legal concern, but a security problem.
Indeed, restrictions are generally harder on vendors than on users.
but check your local laws though...
At 09:48 11/12/00 -0800, Michael Batchelder wrote:
>You can do this, using tools w/OpenSSL to generate "generic" _server_
>certificates (you can also generate client certificates, but that's not
>what I think you meant or want). Encryption restrictions apply only for
>exchange of data, not on identification (which is what the keys of the
>cert are for), as far as I know. Export restrictions would then affect
>exchange of the data by restricting the size of your SSL session key, I
>believe.
>
>Michael
>
>
>"Li, John" wrote:
> >
> > We have been running a https site and a department about 30 persons to
> > access it. We just want to use a generic client certificate to authenticate
> > people from that department. And we can do it technically by importing that
> > certificate for the whole department into everyone's workstation, but is
> > that legal or not? Could anyone give me any advice? Thanks a lot.
> >
> > John Li
> > (905)475-5504
> > [EMAIL PROTECTED]
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
