On Mon, Apr 15, 2002 at 06:48:45PM -0400, Perry E. Metzger wrote:
> Garrett Rooney <firstname.lastname@example.org> writes:
> > > There are known problems with mod_deflate, and there were some
> > > problems with
> > > apache's ssl stuff until recently, but the only known ssl problem we have
> > > right now (that I am aware of), is that we don't do any
> > > certificate handling.
> > the lack of certificate handling was the major problem i was refering
> > to.
> Certs are evil. SSH doesn't require them -- it just uses naked public
> keys -- which is one reason people like it so much.
What's the big different between client side certs and SSH keys? I mean,
you could install client side generated certs for use with your ssl
server. You install the public cert on the server, and the user has his
private cert (just like a ssh user has a public key on the server, and a
private of his own).
This is exactly how I do it currently.
Peter Mathiasson, peter at mathiasson dot nu, http://www.mathiasson.nu
GPG Fingerprint: A9A7 F8F6 9821 F415 B066 77F1 7FF5 C2E6 7BF2 F228
Received on Tue Apr 16 10:12:07 2002
- application/pgp-signature attachment: stored