[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    Re: [openssl-users] (no subject)
From:       Jeffrey Walton <noloader () gmail ! com>
Date:       2016-08-27 0:45:32
Message-ID: CAH8yC8mhK7z74xRrO2R-NzcBsKibTas4SBN0R2o5FcjGd3b7jA () mail ! gmail ! com
[Download RAW message or body]

On Fri, Aug 26, 2016 at 6:56 PM, Juliano Souza <thespamer@gmail.com> wrote:
> I just found it.
> 
> Hope to help someone with same requirement.
> 
> http://www.cafesoft.com/products/cams/ps/docs32/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
>  

There's also Origin Bound Certificates (OCB),
http://www.czeskis.com/research/pubs/tls-obc.pdf. They are like
"tear-off" personal certificates. A user generates one on the fly for
an origin/site, and then uses it when needed. Its not signed by an
authority, so its like the user equivalent to a server's self signed
certificate.

The appealing thing with them is they effectively stop the MitM games
played by many user agents. Not surprisingly, the browser have mostly
rejected them because in their security model, interception is a valid
use case.

Jeff
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


[prev in list] [next in list] [prev in thread] [next in thread]