Fixing SSL

Werner Koch wk at gnupg.org
Thu Jan 31 15:24:23 EST 2008


On Thu, 31 Jan 2008 03:04, pg at futureware.at said:

> If you want a "public" example of client certificate usage:
> https://secure.cacert.org/
> (You need a (free) client certificate from www.CAcert.org to be able to access 

Which has the problem that you may use any certificate you ever created
with cacert.org to log in.  Even certificates created for demo purposes
with published private keys.  That was the case up until a year ago; I
don't know whether this has been changed.  I was a bit surprised about
such a security flaw.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
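
The flaw described in the message above, sketched as an added example; it is not part of the original post and is not CAcert's code. The record layout, fingerprints, account name and function names are assumptions made for illustration: weak_login accepts any certificate the CA ever issued to an account, strict_login accepts only one that is enrolled for login, unrevoked and unexpired.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

UTC = timezone.utc


@dataclass(frozen=True)
class IssuedCert:
    account: str          # account that requested the certificate
    not_after: datetime   # end of validity
    login_enabled: bool   # owner enrolled this certificate for web login
    revoked: bool = False


# Constructed issuance records keyed by placeholder fingerprints (hypothetical).
ISSUED = {
    "fp-daily-use": IssuedCert("alice", datetime(2009, 1, 1, tzinfo=UTC), True),
    # Demo certificate whose private key was published on purpose.
    "fp-demo-key-published": IssuedCert("alice", datetime(2009, 1, 1, tzinfo=UTC), False),
    "fp-lost-laptop": IssuedCert("alice", datetime(2009, 1, 1, tzinfo=UTC), True, revoked=True),
}


def weak_login(fingerprint: str) -> Optional[str]:
    """Flawed policy: any certificate ever issued logs in its owner."""
    rec = ISSUED.get(fingerprint)
    return rec.account if rec else None


def strict_login(fingerprint: str, now: datetime) -> Optional[str]:
    """Log in only with an enrolled, unrevoked, unexpired certificate."""
    rec = ISSUED.get(fingerprint)
    if rec is None or rec.revoked or not rec.login_enabled:
        return None
    if now > rec.not_after:
        return None
    return rec.account


def compare(now: datetime) -> dict:
    """Return {fingerprint: (weak result, strict result)} for every record."""
    return {fp: (weak_login(fp), strict_login(fp, now)) for fp in ISSUED}


if __name__ == "__main__":
    for fp, (weak, strict) in compare(datetime(2008, 1, 31, tzinfo=UTC)).items():
        print(f"{fp:24} weak={weak!s:6} strict={strict}")
```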


