WWW servers.
Bill Frantz
frantz at netcom.com
Fri Jun 7 18:48:53 PDT 1996
Black Unicorn:
>> Does there currently exist a system which permits webservers to restrict
>> access to clients who have a given certification?
Sameer:
> Yup.
....
> =) Stronghold: The Apache-SSL-US, coupled with XCert
>Sentry. What else?
Bill Stewart:
>Of course, there's a simpler approach; restrict access to people
>who have logins and passwords, and only give those to people
>who have the certification...
But of course, cleartext passwords have their own problems. You really
need to make use of the fact that there is a computer at both ends so you
are protected from replay attacks. With that caveat, passwords work fine
(except for the difficulty of remembering a bunch of them vs. the
insecurity of using the same one multiple places or writing them down).
------------------------------------------------------------------------
Bill Frantz | The CDA means | Periwinkle -- Computer Consulting
(408)356-8506 | lost jobs and | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA
More information about the cypherpunks-legacy
mailing list