Greg,

When the client signs the handshake message hash with its private key, how
does the server (say, Apache/ModSSL) authenticate that encryption/signature?
Is the client's certificate also enclosed? Asked for by the server?
Needs to be stored on the server in advance?

Regards,

Sandipan
----- Original Message -----
From: "Greg Stark" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, March 07, 2001 8:39 PM
Subject: Re: Question on client authentication and signing


> Jeffrey,
>
>     The short answer is neither. The client's only use of its private key is
> to sign a hash of the handshake messages, one of which includes the server
> random value.
>
> _____________________________________
> Greg Stark
> Ethentica, Inc.
> [EMAIL PROTECTED]
> _____________________________________
>
>
>
> ----- Original Message -----
> From: "Jeffrey Burgoyne" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, March 07, 2001 9:46 AM
> Subject: Question on client authentication and signing
>
>
> > People;
> >
> > I've been asked to review a document for some PKI system which
> > deals with some issues I have not come across before and was hoping
> > someone could verify what I believe is true. This is more a browser/SSL
> > issue than openssl, but I think I can generalize it enough.
> >
> > If an SSL server requires a client certificate, are all
> > transmissions passed to the server encoded with the private key of the
> > client, or just the initial secret key exchange? I'd assume just the
> > initial key exchange from what I know of the SSL protocol.
> >
> > Thanks
> >
> > Jeffrey Burgoyne
> > [EMAIL PROTECTED]
> >
> >
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    [EMAIL PROTECTED]
> > Automated List Manager                           [EMAIL PROTECTED]
>
>
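
How a server checks the signature discussed in this thread, as an added example that is not part of the original messages or of OpenSSL/mod_ssl code: the client sends its certificate in the handshake after the server's CertificateRequest, and the server verifies the signed handshake hash with the public key from that certificate once it trusts the issuer. Assumptions: the toy RSA key, SHA-256 in place of the SSL-era MD5/SHA-1 pair, textbook RSA without padding, the dict standing in for an X.509 certificate, the issuer lookup standing in for chain validation, and all function names are constructed for illustration.

```python
import hashlib

# Constructed toy RSA key from two Mersenne primes: illustration only, never secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # client's private exponent, never leaves the client

def transcript_hash(messages):
    """Hash every handshake message seen so far, in order (length-prefixed)."""
    h = hashlib.sha256()
    for m in messages:
        h.update(len(m).to_bytes(3, "big") + m)
    return int.from_bytes(h.digest(), "big")

def client_certificate_verify(messages):
    """Client: sign the transcript hash with the private key (textbook RSA)."""
    return pow(transcript_hash(messages), D, N)

def server_check(messages, client_cert, signature, trusted_issuers):
    """Server: accept the certificate's issuer first, then verify with its public key."""
    if client_cert["issuer"] not in trusted_issuers:
        return False  # unknown CA: the public key inside proves nothing
    n, e = client_cert["public_key"]
    return pow(signature, e, n) == transcript_hash(messages)

def handshake(server_random):
    """Build a constructed handshake transcript; the certificate travels inside it."""
    cert = {"subject": "CN=client", "issuer": "CN=Example CA", "public_key": (N, E)}
    messages = [b"ClientHello" + bytes(32),
                b"ServerHello" + server_random,   # fresh per connection
                b"CertificateRequest",            # server asks for a certificate
                b"Certificate:" + repr(cert).encode(),
                b"ClientKeyExchange"]
    return messages, cert
```

Because the server random is part of the signed transcript, a signature captured from one connection does not verify on another.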
