[cap-talk] Loss of control (was: Re: A paper on web-keys)
Mark Miller
erights at gmail.com
Fri Feb 1 11:38:56 EST 2008
On Feb 1, 2008 8:29 AM, Karp, Alan H <alan.karp at hp.com> wrote:
> The waterken server currently does SSL with server-side authentication. Adding client-side authentication might give enough additional information to implement the kind of controls the ACL folks think they want.
I don't understand. What use would you make of client-side
authentication? Would the use you have in mind be vulnerable to
confused deputy problems?
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
More information about the cap-talk
mailing list