RE: [iaik-ssl] How to do client authentication only?
> While it is true that the SSL protocol itself cannot force the client to
> authenticate itself, you can augment the handshaking phase to effectively
> force the client to authenticate itself.
>
> Take a look at the iaik.security.ssl.ServerTrustDecider. This is called
> whenever a new session is established on your server. If the client has not
> presented a certificate chain or the chain is not trusted, return false.
> The end result: the client is forced to authenticate itself.
This is not a part of the SSL standard. That is what is at issue here.
Fred Dushin