This is the scenario. I have a root CA which I use to sign both the client certificate and server certificate. When you are checking the client certificate, all you are checking is if the IP address matches the IP address in the certificate, but the certificate and IP address could be anyone's? Therefore all I need if I want to connect to the server is the same root CA as the server, and then make my own client certificate and then connect to the server. In this case the root CA is all I need to have to make my client CA. Therefore, why is this check needed at all?

