Re: preliminary SSL client
From: <mi...@ac...> - 2001-08-26 01:55:39
Alexey Mahotkin <al...@hs...> writes:

> m> However, I didn't see any server code in your stuff, so I assume
> m> you are using my server for this?
>
> No, I decided very long ago to do the first minimal implementation of
> SSLified server with a help from stunnel, so only the client needs
> actual SSL code inside.

Ah, stunnel is an external application. I didn't know about that.

>
> I think that's going to be rather useful setup anyways. However, this
> scheme allows only server certificates verification. There is a
> demand for client certificate verification (w/o the login/password at
> all), and that will be implemented too some day (and would require
> minimal changes in client code, I believe).

I've spent some time thinking about this. The big pain will be key management for all the users, you will have to store the key in something like a password file or some database and look up the key by username. The users will have to generate keys, and changing their key will be a pain (although you could probably devise some way to transfer it). But it would be more secure than the password version.

-Corey