Greg;
Thanks. Therefore if I read this right, all the actual data
passed across the session (i.e. all the real data passed after the
handshake has been completed) is encoded with the symmetrically generated
key only and hence could not be used for non-repudiation?
Jeff
On Wed, 7 Mar 2001, Greg Stark wrote:
> Jeffrey,
>
> The short answer is neither. The client's only use of its private key is
> to sign a hash of the handshake messages, one of which includes the server
> random value.
>
> _____________________________________
> Greg Stark
> Ethentica, Inc.
> [EMAIL PROTECTED]
> _____________________________________
>
>
>
> ----- Original Message -----
> From: "Jeffrey Burgoyne" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, March 07, 2001 9:46 AM
> Subject: Question on client authentication and signing
>
>
> > People;
> >
> > I've been asked to review a document for some PKI system which
> > deals with some issues I have not come across before and was hoping
> > someone could verify what I believe is true. This is more a browser/SSL
> > issue than openssl, but I think I can generalize it enough.
> >
> > If an SSL server requires a client certificate, are all
> > transmissions passed to the server encoded with the private key of the
> > client, or just the initial secret key exchange? I'd assume just the
> > initial key exchange from what I know of the SSL protocol.
> >
> > Thanks
> >
> > Jeffrey Burgoyne
> > [EMAIL PROTECTED]
> >
> >
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
>
>
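Why record data protected only with the session's symmetric keys cannot support non-repudiation, as an added example that is not part of the original thread. The key derivation and record layout are simplified assumptions, not the real SSL/TLS formats, and all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import os


def derive_mac_key(master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Simplified stand-in for the SSL/TLS key derivation (assumption).
    # What matters: client and server both compute this same key.
    label = b"record mac key" + client_random + server_random
    return hmac.new(master_secret, label, hashlib.sha256).digest()


def protect_record(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    # MAC over a sequence number, a length and the payload (simplified layout).
    header = seq.to_bytes(8, "big") + len(payload).to_bytes(2, "big")
    return hmac.new(mac_key, header + payload, hashlib.sha256).digest()


def verify_record(mac_key: bytes, seq: int, payload: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(protect_record(mac_key, seq, payload), tag)


def demo() -> dict:
    # Constructed handshake values; after the handshake both sides hold them.
    master_secret = os.urandom(48)
    client_random, server_random = os.urandom(32), os.urandom(32)
    client_key = derive_mac_key(master_secret, client_random, server_random)
    server_key = derive_mac_key(master_secret, client_random, server_random)

    # A record the client really sent.
    sent = b"order: 10 units"
    sent_tag = protect_record(client_key, 0, sent)

    # A record the server writes itself with the same shared key. Its tag is
    # exactly what the client would have produced, so a third party shown
    # either record cannot tell which side created it.
    server_made = b"order: 9999 units"
    server_made_tag = protect_record(server_key, 0, server_made)

    return {
        "keys_equal": client_key == server_key,
        "sent_verifies": verify_record(server_key, 0, sent, sent_tag),
        "server_made_verifies": verify_record(client_key, 0, server_made, server_made_tag),
        "tamper_detected": not verify_record(server_key, 0, sent + b"!", sent_tag),
    }


if __name__ == "__main__":
    print(demo())
```

The MAC still gives integrity between the two peers; it just proves nothing to anyone else, because either holder of the key could have produced it.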