(no title)
nickf
|
2 months ago
Can I ask - if you're using publicly-trusted TLS server certificates for client authentication...what are you actually authenticating?
Just that someone has a certificate that can be chained back to a trust-anchor in a common trust-store? (ie your authentication is that they have an internet connection and perhaps the ability to read).
No comments yet.