in reply to Re^3: OpenID alternatives, what do you suggest
in thread OpenID alternatives, what do you suggest

Here is a nice article on setting up an htaccess-based client SSL certificate system: client ssl certs. Now I have something to play with this afternoon. :-)

It appears to be in line with your desire for different keys for each site, and is generated by the site and the access key is given to the client. I guess the weakness here is how you get the key to the client? It would have to be delivered personally to them, but in an office setting that would be easy.

My envisioned model is slightly different, with a common public key that you use for all sites, that the server admin would retrieve from a public server.

Anyways, this looks cool, I hope I can get it working.


I'm not really a human, but I play one on earth Remember How Lucky You Are
Re^5: OpenID alternatives, what do you suggest
by mr_mischief (Monsignor) on Sep 25, 2008 at 16:09 UTC
    It is also possible to generate a key pair, store your private key and public key in your browser, and send your public key to the server. The bigger-named browsers mostly allow you to import the keys, but not to generate them. Setting up the system on the server is left as an exercise. ;-)

    If you're dealing with shared secret encryption or distributing a private key, the trick to getting the secret key to the intended party is to do so out of band or to transfer it along a channel already secured by some other encryption.
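
The flow described in the reply above (the client generates its own key pair and sends only the public half to the server), sketched with the `openssl` command line as an added example that is not part of the original thread. The subject names, lifetimes, file names and the passphrase default are constructed for illustration, and a single scratch directory stands in for both the client and the server machine.

```shell
#!/bin/sh
# Added illustration: all names, lifetimes and the passphrase are constructed.

# Server side: a site-specific CA that signs client certificates.
make_site_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Site Client CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Client side: generate the key pair locally. Only the CSR (public key plus
# a proof-of-possession signature) is sent to the server.
make_client_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# Server side: x509 -req rejects a CSR whose self-signature does not verify,
# then issues a short-lived certificate for the submitted public key.
sign_client_csr() {
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 90 -out "$1/$2.crt" 2>/dev/null
}

# Client side: bundle key and certificate as PKCS#12 for browser import.
bundle_for_browser() {
    openssl pkcs12 -export -inkey "$1/$2.key" -in "$1/$2.crt" \
        -name "$2" -passout "pass:${P12_PASS:-constructed-passphrase}" \
        -out "$1/$2.p12"
}

# True when the issued certificate carries exactly the client's public key.
cert_matches_key() {
    k=$(openssl pkey -in "$1/$2.key" -pubout | openssl sha256)
    c=$(openssl x509 -in "$1/$2.crt" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

work=$(mktemp -d)   # scratch directory standing in for both machines
make_site_ca "$work" && make_client_csr "$work" alice &&
    sign_client_csr "$work" alice && bundle_for_browser "$work" alice &&
    openssl verify -CAfile "$work/ca.crt" "$work/alice.crt"
```

Because only `alice.csr` and `alice.crt` cross the network, neither needs a confidential channel; the server still has to confirm out of band that the CSR came from the intended person before signing it.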