On Friday 26 January 2001 00:59, Wim De Clercq wrote:
> > On Thursday 25 January 2001 02:08, Wim De Clercq wrote:
> > > Would you use SSL with client authentication or would you use
> > > SSL only for confidentiality (and server authentication)? I
> > > assume you would not use SSL for authentication.
> >
> > I don't know.
> > Do you recommend not to use SSL with client authentication?
> > Why?
>
> Initially I thought it would enforce the use of a persistent key
> store at client side, but it is of course possible to generate the
> key pair on the fly as described by Luke.
I don't understand how are you going to provide a reliable user
authentication without the persistent key store at client side.
Please, explain me this.
If it is password based than IMHO the level of security is the same
as now.
> > If I understand correctly, for that we need to implement the
> > Security Service and a pair of LoginModules (client and server).
> > Also we need a volunteer ;-)
> >
> :-) I would like to participate, but I will first start with
> : looking at the
>
> source code.
Great.
Oleg
