On Wed, Apr 9, 2008 at 2:21 PM, Julian <[EMAIL PROTECTED]> wrote:
> Right, Gotcha!
>
> There is one flaw in this design however.
>
> Peers:
> A, B, E
>
> By this scenario all three peers would be able to communicate, not just A
> and B, but also E.
If E does not have a certificate signed by the CA, then A and B will refuse to talk to it.

Who is E? Eve? Who is A? Alice? Who is B? Bob? If this is the case, then there's a party T (Trent, the trusted CA, the server that signs the certificates for A and B). If E doesn't have a certificate from T that says they're okay, then during the certificate validation process A will see that E doesn't have the credential, and will close the connection before allowing any application traffic through. (B will do the same thing.)

-Kyle H

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
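The scenario Kyle describes, reproduced with the openssl command-line tool as an added example (this script is not part of the thread and not OpenSSL project code): a CA T issues certificates to A and B, E only has a self-signed certificate, and the same chain check A and B perform during the handshake accepts A and B but rejects E. All names, subjects and file paths are constructed for the demo.

```shell
#!/bin/sh
# Added example: reproduce the A/B/E scenario with the openssl CLI.
# T is the CA; A and B hold certificates issued by T; E only has a
# self-signed certificate. All names and paths are constructed for the demo.
set -eu

# The demo needs the openssl binary; without it there is nothing to show.
command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; exit 0; }

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# T: the trusted CA. Its certificate is the only trust anchor A and B use.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" \
        -subj "/CN=Trent CA" >/dev/null 2>&1
}

# Issue a certificate to a peer: a CSR from the peer, signed with T's key.
issue_cert() {  # $1 = short name, $2 = common name
    openssl req -newkey rsa:2048 -nodes \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" \
        -subj "/CN=$2" >/dev/null 2>&1
    openssl x509 -req -days 1 -in "$WORK/$1.csr" \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/$1.pem" >/dev/null 2>&1
}

# E never went through T: it simply signs its own certificate.
self_signed() {  # $1 = short name, $2 = common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" \
        -subj "/CN=$2" >/dev/null 2>&1
}

# The check A and B perform on a peer's certificate: does it chain to T?
# Returns 0 when the chain verifies, non-zero otherwise.
verify_peer() {  # $1 = short name
    openssl verify -CAfile "$WORK/ca.pem" "$WORK/$1.pem" >/dev/null 2>&1
}

make_ca
issue_cert a Alice
issue_cert b Bob
self_signed e Eve

for peer in a b e; do
    if verify_peer "$peer"; then
        echo "$peer: certificate chains to T, connection would proceed"
    else
        echo "$peer: certificate does not chain to T, connection would be closed"
    fi
done
```

`openssl verify -CAfile` performs the same path validation a TLS peer runs on the certificate it receives; in a program built on libssl the equivalent is loading T's certificate with `SSL_CTX_load_verify_locations` and requiring a peer certificate with `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL)`, after which a handshake with E fails before any application data is exchanged. Note that the check only proves E lacks a credential from T; if E ever obtains one, it is indistinguishable from A or B, which is why the CA's signing key needs stricter protection than any single peer's key.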