>
> From my understanding, the client cert is transmitted in the clear.
> When server receives the client cert, server verifies the client
> cert using a CA (or chained CAs), like verifying the date, signature,
> etc. The question I have is that whoever could intercept the client
> cert could fake the client. Am I right?
No. A certificate (whether it be client or server) is of no value
unless you also have the private key that matches it.
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
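
What "having the private key" means in practice, as an added example that is not part of the original thread: in TLS client authentication the client signs data from the current handshake (the CertificateVerify message) and the server checks that signature with the public key in the presented certificate. The sketch below models this with the openssl CLI; the random challenge files stand in for the handshake transcript, and every name, file and value is constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: every name, file and challenge below is made up for illustration.
work=$(mktemp -d)

# Throwaway self-signed certificate plus its matching private key.
make_identity() {   # $1 = file prefix, $2 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# Client side: sign the server's challenge with a private key.
sign_challenge() {  # $1 = key prefix, $2 = challenge name, $3 = signature name
    openssl dgst -sha256 -sign "$work/$1.key" -out "$work/$3" "$work/$2"
}

# Server side: take the public key from the presented certificate and accept
# only a signature over the current challenge made by the matching private key.
server_accepts() {  # $1 = cert prefix, $2 = challenge name, $3 = signature name
    openssl x509 -in "$work/$1.crt" -pubkey -noout > "$work/presented.pub" &&
    openssl dgst -sha256 -verify "$work/presented.pub" \
        -signature "$work/$3" "$work/$2" 2>/dev/null | grep -q "Verified OK"
}

make_identity client demo-client            # legitimate client
make_identity attacker demo-attacker        # eavesdropper's own key pair
openssl rand -hex 32 > "$work/challenge1"   # current handshake
openssl rand -hex 32 > "$work/challenge2"   # a later handshake

sign_challenge client challenge1 client.sig     # real client proves possession
sign_challenge attacker challenge1 forged.sig   # holds client.crt, not client.key

report() { if server_accepts "$@"; then echo accepted; else echo rejected; fi; }
echo "client cert + client key:             $(report client challenge1 client.sig)"
echo "client cert + attacker key:           $(report client challenge1 forged.sig)"
echo "client cert + replayed old signature: $(report client challenge2 client.sig)"
```

The third case shows why the signed data must be fresh for each handshake: a signature captured from an earlier exchange does not verify against a new challenge.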