I can't say I fully understand what you want to do. Would you use TLS client-cert-auth to the proxy and then let the application based on received cert do a popCR? Are we talking JavaScript or native code?

Anders

----- Original Message -----
From: "Emmanuel Dreyfus" <m...@netbsd.org>
To: "mozilla's crypto code discussion list" <dev-tech-crypto@lists.mozilla.org>
Sent: Wednesday, March 17, 2010 14:12
Subject: Re: popChallengeResponse unimplemented?

Anders Rundgren <anders.rundg...@telia.com> wrote:

> That's correct. But even if you send a stolen static cert req, you don't
> get very far with that since if you haven't the private key you can't
> use the returned cert anyway which I guess is why this function hasn't been
> much requested.
>
> I'm not sure what you had intended to use this function

My idea was to use it for authentication purposes. The SSL handshake only allows the client to authenticate against the web server. If you want to authenticate using a certificate to another service for which the web server is just a proxy (an LDAP directory for which you have a web frontend is an example), you must have a privileged web application.

In order to make the web application unprivileged, I had the idea of implementing a SASL plugin that would send a POP challenge to the browser. But perhaps there are alternatives?

--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
m...@netbsd.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto