David, What would be an approach then to implement such functionality.. I just asked another question on Attribute certificates, but maybe you can comment on that.
Thank you very much ________________________________ From: David Schwartz <dav...@webmaster.com> To: openssl-users@openssl.org Sent: Wednesday, June 24, 2009 4:17:44 PM Subject: RE: Custom SSL certificate parameters > Is it possible to create custom parameters into a certificate. Yes. You can put anything you want in a certificate. It's basically just a binary chunk of data that is signed. > For example, if I wish to have a certificate for a custom HTTP > server which can only accept maximum of 5 concurrent users, > can I incorporate this (lets say maxusercount parameter) into > a certificate so at the server I can retrieve this value and > only allow the number of users specified? Not really. Certificates do not work as certificates when the enforcer and the enforcee are the same entity. Or, to put it more simply, a certificate can tell you who someone else is but not who you are. If you do use a certificate to do this, you are not actually using it as a certificate. The security properties of certificates fundamentally rely on the entity processing the certificate to itself be trusted. So you can use Firefox to convince you that you really reached Amazon.com, but you can't use Firefox to convince you that you really used Firefox to reach them. Fundamentally, you must be authenticating something other than yourself. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
