* Kyle Hamilton wrote on Wed, Apr 09, 2008 at 14:22 -0700:
Each peer goes through this process:
1) peer creates a keypair
2) peer generates a CSR (certificate signing request) for its public key.
3) peer connects to server, submits CSR along with whatever
information necessary to determine
...
Authentication and authorization can be dovetailed into the same step.
Not necessarily in all circumstances, and there are many
circumstances within which it makes no sense -- but there are also
situations that are so simplistic and low-risk as to not need the
increased complexity. (increased complexity
Hacker' from China that
is connected (and noone else can decrypt data sent to them :)),
as the certificate correctly states, protected by strong
cryptography...
Authentication and authorization can be dovetailed into the
same step. Not necessarily in all circumstances