Subject: CAcert Code Development list.
List archive
- From: "Ian G (Audit)" <iang AT cacert.org>
- To: cacert-devel AT lists.cacert.org
- Subject: Re: new OpenPGP Code for testing
- Date: Wed, 08 Apr 2009 17:03:38 +0200
- Authentication-results: lists.cacert.org; dkim=neutral header.i= AT cacert.org; dkim-asp=none
On 8/4/09 16:09, Philipp Gühring wrote:
Hi Martin,
should i be able to login by client-certificate?
No.
The test-system had started with an empty database (due to privacy
reasons, we did not copy any user-data from the production system),
so you can only login to the testsystem with a client-certificate that
was issued by the testsystem.
Um. Off original topic: And what does it do with a CAcert signed certificate that *wasn't* issued by the system?
The basic point of certificates was that we could rely on the signed data on the basis of only the signatures chain, and not have to store things.
Obviously the issuer also has the luxury of storing things ... so I can see the merit in the above notion of only accepting issued certs, an advantage that is unavailable to others.
I'm just wondering what happens in the "impossible" case :)
iang
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- new OpenPGP Code for testing, Henrik Heigl, 04/07/2009
- Re: new OpenPGP Code for testing, Martin von Oertzen, 04/08/2009
- Re: new OpenPGP Code for testing, Philipp Gühring, 04/08/2009
- Re: new OpenPGP Code for testing, Ian G (Audit), 04/08/2009
- Re: new OpenPGP Code for testing, Philipp Gühring, 04/08/2009
- Re: Certificate login to the test system, Bernhard Froehlich, 04/09/2009
- Re: new OpenPGP Code for testing, Ian G (Audit), 04/08/2009
- Re: new OpenPGP Code for testing, Philipp Gühring, 04/08/2009
- Re: new OpenPGP Code for testing, Martin von Oertzen, 04/08/2009
Archive powered by MHonArc 2.6.16.