[3857] in WWW Security List Archive
More on Certificates - "transmissibility"
daemon@ATHENA.MIT.EDU (si10875@ci.uminho.pt)
Fri Dec 20 09:08:00 1996
From: si10875@ci.uminho.pt
Date: Fri, 20 Dec 1996 12:29:22 +0100
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
I have a doubt about client authentication using certificates.
Suppose I have a perfectly valid certificate, say passed by Thawte,
if I lend this certificate to a friend of mine, can he access a secure server
where I had permission to enter, even though he is on another IP address
and using another email address?
As you might have noticed, my doubt is if secure servers do any
run time verification of the information on the certificate.
Thanks,
Jorge