True, if the clients are willing to trust me as a CA. I don't believe a
client has the option of only accepting certificates signed by certain CAs
at certain sites. It is all or nothing. With time and a lack of ethics, I
could wreck havoc if someone trusted me as a CA.
Chompsky
>From: [EMAIL PROTECTED]
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Re: SSL Authentication Issues
>Date: Thu, 12 Jul 2001 11:32:52 +0200
>
>Hello,
>
>One solution is to deliver private certificates to your clients.
>
>You can create a CA how delivers personal certs and give thoses certs in
>PKCS12 format protected with a PIN code !
>
>Sylvain
>
>--------------------------------------------------------------------------------------------------------
>Sylvain Maret
>Senior Security Engineer - Strategic Director
>e-Xpert Solutions SA
>Route de Pr�-Marais 29
>1233 Bernex / Geneva
>Switzerland
>
>Tel: +41 22 727 05 55
>Fax: +41 22 727 05 50
>Mail: [EMAIL PROTECTED]
>
>
>
>
>"Chompsky Turing" <[EMAIL PROTECTED]>
>Sent by: [EMAIL PROTECTED]
>11.07.2001 17:48
>Please respond to modssl-users
>
>
> To: [EMAIL PROTECTED]
> cc:
> Subject: SSL Authentication Issues
>
>
>Let me propose the following hypothetical situation. I am running a
>apache/mod_ssl server (or anyother server for that matter) with a secure
>directory that requies client authentication. Two types of clients accesst
> his directory. There is a group of clients that only trust Verisign as aC
> A, and a group that only trusts Thwart as a CA. I have certificates
>signed
>by both CAs. Is there a way to set my server up so that it can send the
>correct certificate to every client? I believe the answer is no, but I
>thought I would check just in case. Perhaps there exists some sort of work
>a
> round. Thanks.
>
>Chompsky
>
>
>
>_________________________________________________________________
>Get your FREE download of MSN Explorer at http://explorer.msn.com
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
>
>
>
>-----------------------------------------------------------------------------------------------
>DISCLAIMER
>This email and any files transmitted with it, including replies
>and forwarded copies (which may contain alterations)
>subsequently transmitted from the Company, are confidential
>and solely for the use of the intended recipient. It may contain
>material protected by attorney-client privilege. The contents
>do not represent the opinion of e-Xpert Solutions SA except
>to the extent that it relates to their official business.
>
>If you are not the intended recipient or the person responsible
>for delivering to the intended recipient, be advised that you
>have received this email in error and that any use is strictly
>prohibited. If you are not the intended recipient, please advise
>the sender by return e-mail, then delete this message and any
>attachments.
>
>e-Xpert Solutions SA: [EMAIL PROTECTED]
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
