[openssl-users] (no subject)
Jeffrey Walton
noloader at gmail.com
Sat Aug 27 00:45:32 UTC 2016
On Fri, Aug 26, 2016 at 6:56 PM, Juliano Souza <thespamer at gmail.com> wrote:
> I just found it.
>
> Hope to help someone with same requirement.
>
> http://www.cafesoft.com/products/cams/ps/docs32/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
>
There's also Origin Bound Certificates (OCB),
http://www.czeskis.com/research/pubs/tls-obc.pdf. They are like
"tear-off" personal certificates. A user generates one on the fly for
an origin/site, and then uses it when needed. Its not signed by an
authority, so its like the user equivalent to a server's self signed
certificate.
The appealing thing with them is they effectively stop the MitM games
played by many user agents. Not surprisingly, the browser have mostly
rejected them because in their security model, interception is a valid
use case.
Jeff
More information about the openssl-users
mailing list