[3866] in WWW Security List Archive
Re: More on Certificates - "transmissibility"
daemon@ATHENA.MIT.EDU (Patrick C. Richard)
Fri Dec 20 19:21:09 1996
Date: Fri, 20 Dec 1996 13:42:02 -0800 (PST)
From: "Patrick C. Richard" <patr@xcert.com>
To: si10875@ci.uminho.pt
cc: www-security@ns2.rutgers.edu
In-Reply-To: <9612201129.AA05817@caeiro.ci.uminho.pt>
Errors-To: owner-www-security@ns2.rutgers.edu
On Fri, 20 Dec 1996 si10875@ci.uminho.pt wrote:
> I have a doubt about client authentication using certificates.
> Suppose I have a perfectly valid certificate, say passed by Thawte,
> if I lend this certificate to a friend of mine, can he access a secure server
> where I had permission to enter, even though he is on another IP address
> and using another email address?
>
> As you might have noticed, my doubt is if secure servers do any
> run time verification of the information on the certificate.
SSL uses your cert and the server's cert to negotiate a session key.
This session key can only be found if you also have your private key.
See the SSL FAQ at consensys.com
-Pat
>
> Thanks,
>
> Jorge
>
>
----
Pat Richard
patr@x509.com
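
The reply's point, that a copied certificate is of no use without the matching private key, as an added example that is not part of the original message. It is a simplified challenge-response model rather than the real SSL handshake; the toy RSA keys, the `Cert` and `Server` classes and the subject name are constructed for illustration, and CA signature checking is omitted.

```python
import hashlib
import secrets
from dataclasses import dataclass

E = 65537  # public exponent shared by both toy keys

def toy_keypair(p, q):
    """Textbook RSA from two known primes; constructed, insecure key sizes."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

@dataclass(frozen=True)
class Cert:  # public data only: anyone can hold a copy of this
    subject: str
    n: int

def digest(challenge, n):
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % n

def sign(challenge, n, d):  # needs the private exponent d
    return pow(digest(challenge, n), d, n)

class Server:
    def __init__(self, allowed):
        self.allowed, self.challenge = allowed, None
    def new_challenge(self):
        self.challenge = secrets.token_bytes(32)  # fresh per connection
        return self.challenge
    def admit(self, cert, signature):
        if cert.subject not in self.allowed or self.challenge is None:
            return False
        ok = pow(signature, E, cert.n) == digest(self.challenge, cert.n)
        self.challenge = None  # a challenge is accepted only once
        return ok

OWNER_N, OWNER_D = toy_keypair(2**61 - 1, 2**89 - 1)       # constructed
FRIEND_N, FRIEND_D = toy_keypair(2**107 - 1, 2**127 - 1)   # constructed
OWNER_CERT = Cert("owner@example.org", OWNER_N)

def owner_login(server):  # certificate plus its own private key
    c = server.new_challenge()
    return server.admit(OWNER_CERT, sign(c, OWNER_N, OWNER_D))

def borrowed_cert_login(server):  # friend has the cert, signs with another key
    c = server.new_challenge()
    return server.admit(OWNER_CERT, sign(c, FRIEND_N, FRIEND_D))

def replayed_signature_login(server):  # old signature against a new challenge
    captured = sign(server.new_challenge(), OWNER_N, OWNER_D)
    server.new_challenge()
    return server.admit(OWNER_CERT, captured)
```
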