[CLUG-chat] Website Visitor Authentication that can't be given to others

Charles Oertel charles at finebushpeople.net
Fri Jun 17 14:32:48 SAST 2005


Hi Mike

Mike Morris wrote:
> Issue your subscribers with an x509 certificate that you generate and do 
> auth-digest (iirc) authentication.

Ok, very nice - this is new to me.  I found a few informative links:  it 
seems you can have a user install a certificate in their browser via a 
web link.

Now, what stops the subscriber from forwarding the email with the link 
to their certificate to their buddy?  Surely, even after generating a 
specific certificate for user X, we have no way of knowing if user Y has 
gotten a copy and is using it on their machine too?

regards
--
Charles Oertel
FineBushPeople.net
tel: 021 701 8231
fax: 021 701 3338



More information about the Clug-chat mailing list