> This is a really bad model. You are putting all of the client's
> secret keys in a place where they will be vulnerable to attack.
>
> Why does the connection between the Client and the CGI Proxy have to
> be protected by SSL such that the CGI Proxy can view the data?
This is a bad mode, I think too....but
Until now, my customers have used end-end SSL connection at their system.
Their www servers use client authentication.
And now, we propose introdution of Tursted OS into the front end of
their system.
If we reconstruct their system on Trusted OS, all go well.
But they don't want to modify their system.
If we introduce Trusted OS, end-end SSL connection is divided,
client to Trusted OS and Trusted OS to backend www server.
So I dicided to develop CGI Proxy.
I put All of the client's secret keys in a place.
But the machine's OS that holds all keys is Trusted OS.
So I think that their secret keys are safe...maybe.
---
nakamura
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
- client certificate Nakamura,TakayukiTKSSC
- RE: client certificate Nakamura,TakayukiTKSSC
- RE: client certificate Jeffrey Altman
- RE: client certificate Nakamura,TakayukiTKSSC
- RE: client certificate Jeffrey Altman
- RE: client certificate Nakamura,TakayukiTKSSC
- client certificate yongw
- Client Certificate Gautier Philippe
- client certificate Zhong Chen
- Re: client certificate Greg Stark
- Re: client certificate Dr S N Henson
