I have a client certificate that was issued to me by a CA that contains
potentially sensitive information such as my name, my position within my
organisation, my location, and so on.  This certificate has been imported
into my browser (Netscape).

What are the rules in the SSL protocol regarding the disclosure of client
certs to any HTTPS server I might connect to?  Since the certs are signed
and not encrypted, if SSL sends some or all of these certs to a foreign
HTTPS server, won't my X.509 credentials be disclosed to the foreign
server?

I am hoping I have a fundamental misunderstanding here ..

Thanks, Ben

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
