[cryptography] use of mutual authentication (was: trustwave admits issuing corporate mitm certs)

ianG iang at iang.org
Mon Feb 27 18:47:29 EST 2012


On 28/02/12 10:08 AM, coderman wrote:
> On Sat, Feb 25, 2012 at 4:54 PM, Marsh Ray<marsh at extendedsubset.com>  wrote:

> mutual authentication... what a concept. is it really that rare?

Not really.  It is widely used in protocols that didn't drink the PKI 
kool-aid.  Skype, SSH, SOX, DigiCash, all use it, to name a few.  And 
they did so more or less naturally following good design processes.  A 
particularly indicative data point is SSH which offered both client-side 
keys and passwords, and the latter sort of fell by the wayside.



iang



More information about the cryptography mailing list