[Standards-JIG] certificate and private key retreival

Ian Paterson ian.paterson at clientside.co.uk
Wed Mar 17 16:40:23 UTC 2004


> Probably there are systems
> which only implement a function like
> boolean checkPwd(String user, String passwd)

So it might not be possible to integrate with some 'blackbox' legacy
authentication systems.

Where this is important, the protocol could allow the server to insist on
receiving the user's real password. To decrypt their private keys, the users
would then have to enter a different password, or trust their server.




More information about the Standards mailing list