Re: NEW Data type for certificate selection ?
On Thu, 1 Oct 1998, Olle E. Johansson wrote:
>Stefan Santesson wrote:
>
>> 1) In SSL the server may select preferred client certificate by Issuer DN,
>> and "certificate type"
>> 2) You suggest hashed SSN (social security numbers) using "salt"
>>
>Even if I don't know all the details in your scheme, I would like to put
>up a privacy warning here. A user might not want _any_ server to search
>the database of user certificates.
Olle:
As you can read in my previous full msg (where that part was taken
from), Stefan did not copy the following paragraph -- which I would
like to highlight and which fully answers your concern:
It is important to note that *if* the customer's browser fails to
authenticate the Bank's server, then this will generate a fatal
handshake-failure alert in SSL if the non-authenticated Bank still
tries to go into phase 2 above -- so, the second phase is privacy
protected by the first.
Cheers,
Ed Gerck
______________________________________________________________________
Dr.rer.nat. E. Gerck egerck@novaware.cps.softex.br
http://novaware.cps.softex.br
-- Member of the Meta-Certificate Group -- http://www.mcg.org.br