On Sun, Sep 23, 2007 at 01:44:44AM -0700, Philippe M. Chiasson wrote: > > > > If the concern is that someone might spoof an IP address then the > > shared secret seems adequate. > > If the secret is ever compromised, you have to update every single > client/server out there. If a client cert is compromised, you revoke it > and carry on doing business as usual. > > > If the concern is that someone might hack a client machine and make > > fake requests to the server then it seems the hacker would have access to > > the client cert just as easily as the shared secret. > > Yup, but you can revoke a client-cert, not a shared secret...
Hum, perhaps I'm missing something. The shared secret can be a single pair between a specific client and the server. The server is setup with a list of known secrets, so it's possible that each client has its own secret pair with the server. If a client is compromised then just that secret pair is removed/replaced and other clients continue. > > But, as I said, I have not used client certs before so I might be > > missing a key point. > > Oh, and a bonus point. Client applications can generate their own certs, > and only get your CA to sign them. It's a much neater approach IMO. And > totally worth the slight extra complexity of running your own CA. Plus, it all happens at a higher level. The shared secret has to be at the application, where mod_ssl can handle client cert. It's just something I need to learn more about... Thanks, -- Bill Moseley [EMAIL PROTECTED]
