Alex, Do you presume that the websites in the domains that you intend to track users will install the self-signed CA certificate that issued the client-certificate to the unsuspecting user? If not, how will the browser know which client certificate to send to the website during client-auth? And what happens to the users who do not have have client-certs issued by this CA when they attempt to connect to the site?
Arshad Noor StrongAuth, Inc. ----- Original Message ----- From: "Alexander Klink" <[EMAIL PROTECTED]> Tracking visitors in an unnoticed way over several domains is typically not as easy as this, I believe. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
