1996-06-08 - Re: WWW servers.

Header Data

From: frantz@netcom.com (Bill Frantz)
To: Bill Stewart <cypherpunks@toad.com>
Message Hash: ca63cd106d4122b598edd5105c70317fe4e03921a14157765ea9da16c34e2807
Message ID: <199606071858.LAA28919@netcom7.netcom.com>
Reply To: N/A
UTC Datetime: 1996-06-08 01:48:53 UTC
Raw Date: Sat, 8 Jun 1996 09:48:53 +0800

Raw message

From: frantz@netcom.com (Bill Frantz)
Date: Sat, 8 Jun 1996 09:48:53 +0800
To: Bill Stewart <cypherpunks@toad.com>
Subject: Re: WWW servers.
Message-ID: <199606071858.LAA28919@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn:
>> Does there currently exist a system which permits webservers to restrict 
>> access to clients who have a given certification?

Sameer:
>       Yup.
....
>       =) Stronghold: The Apache-SSL-US, coupled with XCert
>Sentry. What else?

Bill Stewart:
>Of course, there's a simpler approach; restrict access to people
>who have logins and passwords, and only give those to people
>who have the certification...

But of course, cleartext passwords have their own problems.  You really
need to make use of the fact that there is a computer at both ends so you
are protected from replay attacks.  With that caveat, passwords work fine
(except for the difficulty of remembering a bunch of them vs. the
insecurity of using the same one multiple places or writing them down).


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA
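
The point above about using the computer at both ends to defeat replay can be shown with a nonce-based challenge-response login. This is an added example, not part of the original message; the message names no specific protocol, so HMAC-SHA256, the Server class, and the sample user and password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential store (hypothetical user and password).
# In this simple scheme the server holds a password-equivalent secret.
USERS = {"alice": b"correct horse battery staple"}


class Server:
    """Issues single-use challenges and verifies keyed responses."""

    def __init__(self, users):
        self.users = users
        self.pending = {}  # username -> outstanding nonce

    def challenge(self, user):
        nonce = secrets.token_bytes(16)  # fresh and unpredictable per attempt
        self.pending[user] = nonce
        return nonce

    def verify(self, user, response):
        # The nonce is consumed on every attempt, so it can be used only once.
        nonce = self.pending.pop(user, None)
        secret = self.users.get(user)
        if nonce is None or secret is None:
            return False
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(password, nonce):
    """Client side: prove knowledge of the password without sending it."""
    return hmac.new(password, nonce, hashlib.sha256).digest()


def demo():
    server = Server(USERS)
    # Legitimate login: only the nonce and the MAC cross the wire.
    nonce = server.challenge("alice")
    captured = client_response(USERS["alice"], nonce)  # what a sniffer sees
    first = server.verify("alice", captured)
    # Replaying the captured response with no outstanding challenge fails.
    replay_no_challenge = server.verify("alice", captured)
    # Replaying it against a fresh challenge fails too: the nonce differs.
    server.challenge("alice")
    replay_fresh = server.verify("alice", captured)
    return first, replay_no_challenge, replay_fresh


if __name__ == "__main__":
    print(demo())
```
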






