Intuitively, you have to know that the client needs its private key
for something. Since the public key certificate is public, it alone
can't prove that the client is you. Anyone can send your certificate
to a server, right?

In practice, the server walks the certificate chain, which proves that

As I understand it, the client signs data sent from the server in
order to authenticate itself. Therefore, yes, it does need its private
key.

On Tue, 18 Jan 2005 11:17:01 +, Shaun Lipscombe
<[EMAIL PROTECTED]> wrote:
>
> If the client sends the server its certificate (public key) and the
> ser