Nelson B wrote:
That is, one that requests that the client send a certificate to the
server identifying the client, during the SSL/TLS handshake?
You know it's a bit contradictory a "public" server that requires client
authentification.
Such servers do exist, but are intended to be accessed exclusively by
the restricted community that owns an adequate certificate and almost by
definition contain important, sensitive and personal information.
So there's nothing to gain by publicly proclaiming using one. Even if
they're as well protected as possible, there's few cases where the owner
will be willing to take the risk of attracting unwanted peoples
attention on them. However confident you are in the security of your
system, you never tell people "come and try to hack this" when it holds
real data.
So I think you won't see many people answering to your call, but that
may not be due to a lack of such servers.
Still, a few of those servers have such a large public that there's no
secrecy on their address.
One of those is the server of the french income tax authority. It will
soon be used by more than 1 million people to fill their declaration :
https://cfspart.impots.gouv.fr
The french tax authority has another such server for on-line VAT :
https://tva.dgi.minefi.gouv.fr
Hum, I'm thinking of another one. I believe the address of that secure
server is public information, but I'll check.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
