I have a client certificate that was issued to me by a CA that contains potentially sensitive information such as my name, my position within my organisation, my location, and so on. This certificate has been imported into my browser (Netscape).
What are the rules in the SSL protocol regarding the disclosure of client certs to any HTTPS server I might connect to? Since the certs are signed and not encrypted, if SSL sends some or all of these certs to a foreign HTTPS server, won't my X.509 credentials be disclosed to the foreign server? I am hoping I have a fundamental misunderstanding here...

Thanks,
Ben
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]