[3882] in WWW Security List Archive
Re: More on Certificates - "transmissibility"
daemon@ATHENA.MIT.EDU (Bertrum Carroll)
Sun Dec 22 12:25:16 1996
Date: Sun, 22 Dec 1996 09:15:40 -0600
From: Bertrum Carroll <bc17684@90.deere.com>
To: si10875@ci.uminho.pt
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
si10875@ci.uminho.pt wrote:
>
> I have a doubt about client authentication using certificates.
> Suppose I have a perfectly valid certificate, say passed by Thawte,
> if I lend this certificate to a friend of mine, can he access a secure server
> where I had permission to enter, even though he is on another IP address
> and using another email address?
>
> As you might have noticed, my doubt is if secure servers do any
> run time verification of the information on the certificate.
>
> Thanks,
>
> Jorge

I see your point but from the time you "gave" your certificate to your friend is no
different than:
1. Giving your friend "Power Of Attny".
2. Give your buddy your car keys. And he / she wrecks your car.
3. Letting your buddy use your home for a party. Who cleans up?
4. Handing my credit cards to my wife and saying "go shop".
As far as the Sys Admin at the server is concerned it's you! If you give your buddy
permission to use your good name I hope you can trust your buddy.
The above is not a flame. We should consider certificates to be much like a credit
card.
The above are my thoughts. Not that of my company. / Insert standard Legal Stuff Here.
/ Don't use Crypto / Pay your taxes / Merry Xmas