I have a quick question about client authentication.
How exactly is authenticity gauranteed? If verisign (or whoever) gives one
a digital ID, this is just a file on the computer.
Whats to stop said person from sharing this signature and giving it to all
his friends. The way I understand it, and from what I've
read on the topic at (http://www.verisign.com/clientauth/), it seems like
they want to use digital IDs for client authentication, to
okay business transactions and the like. It seems extremely easy to copy
and redistribute one's keys so how exactly does this
give the server authentication?
TIA,
brian
Brian Snyder.vcf
