Brian,

You're correct in that the certificate is just a file - however,
it's a file with certain information encrypted into it that
identifies the common name of the server that will be using it.
For example, if Acme Corporation applies for and is issued a
certificate, they must supply the server name (perhaps
www.acme.com) as part of the registration process. That server
name becomes part of the information encrypted into the
certificate.

Now, once that certificate is installed in Acme's webserver, a
web browser can verify that the name in the certificate matches
the web server name it's being served from. If the webmaster at
Acme were to give a copy of the certificate to the webmaster at
General Widgets Corp. and the certificate was served to a web
browser, the browser would present the user with a warning
message that the server name in the certificate didn't match the
name of the server the browser is connecting to (i.e.,
www.acme.com does not match www.generalwidgets.com).

Hope this helps.

Regards,
Al Shaver
[EMAIL PROTECTED]

--- Brian Snyder <[EMAIL PROTECTED]> wrote:
>
> I have a quick question about client authentication.
>
> How exactly is authenticity guaranteed? If Verisign (or whoever)
> gives one a digital ID, this is just a file on the computer.
>
> What's to stop said person from sharing this signature and
> giving it to all his friends? The way I understand it, and from
> what I've read on the topic at
> (http://www.verisign.com/clientauth/), it seems like they want
> to use digital IDs for client authentication, to okay business
> transactions and the like. It seems extremely easy to copy and
> redistribute one's keys so how exactly does this give the server
> authentication?
>
> TIA,
>   brian
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
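
The name check described in the reply above, as an added example (it is not part of the original messages and is not OpenSSL code). It goes slightly beyond the reply by also handling subjectAltName entries and left-most wildcards; the certificate dict follows the layout returned by Python's ssl.SSLSocket.getpeercert() and its contents are constructed for illustration.

```python
# Added example: the server-name check a TLS client applies to a certificate.
# ACME_CERT is a constructed sample in the ssl.SSLSocket.getpeercert() layout.

ACME_CERT = {
    "subject": (
        (("organizationName", "Acme Corporation"),),
        (("commonName", "www.acme.com"),),
    ),
}


def dns_name_matches(pattern, hostname):
    """Compare one certificate name with the host the client connected to."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False            # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard only as the whole left-most label, and never "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def names_in_cert(cert):
    """Return the DNS names the certificate was issued for."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans             # SAN entries take precedence over the CN
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def check_server_name(cert, hostname):
    """Return (matched, names) for the host name the client asked for."""
    names = names_in_cert(cert)
    return any(dns_name_matches(n, hostname) for n in names), names


if __name__ == "__main__":
    # Same certificate, served from its own host and from a different one.
    for host in ("www.acme.com", "www.generalwidgets.com"):
        ok, names = check_server_name(ACME_CERT, host)
        verdict = "match" if ok else "MISMATCH, warn the user"
        print(f"{host}: certificate names {names} -> {verdict}")
```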