๐พ Archived View for bbs.geminispace.org โบ s โบ Gemini โบ 1111 captured on 2023-06-14 at 14:23:25. Gemini links have been rewritten to link to archived content
โก๏ธ Next capture (2023-07-10)
-=-=-=-=-=-=-
hobby coder here with a question. When implementing client authentication, do we just store the tls client hash? If so how is this not able to be spoofed? I'm guessing there is some public key authentication going on in the background. looking at the spec and some searches only helped a little.
2023-05-27 ยท 3 weeks ago
the certificate is signed -> the certificate cannot be generated without the owner's private key -> the certificate's hash cannot be generated without the owner's private key -> the certificate hash cannot be spoofed
You may be interested in this thread where the same topic came up:
I had a big problem convincing people on another project that the way client hashes are used are in fact secure (since I asked how to do that in a Java server). In the end it turned out to work quite well, I use that in my chat server
perfect, that's what I thought. thanks everyone!