[cryptography] use of mutual authentication (was: trustwave admits issuing corporate mitm certs)
iang at iang.org
Mon Feb 27 18:47:29 EST 2012
On 28/02/12 10:08 AM, coderman wrote:
> On Sat, Feb 25, 2012 at 4:54 PM, Marsh Ray<marsh at extendedsubset.com> wrote:
> mutual authentication... what a concept. is it really that rare?
Not really. It is widely used in protocols that didn't drink the PKI
kool-aid. Skype, SSH, SOX, DigiCash, all use it, to name a few. And
they did so more or less naturally following good design processes. A
particularly indicative data point is SSH which offered both client-side
keys and passwords, and the latter sort of fell by the wayside.
More information about the cryptography