WebApp Sec mailing list archives

Re: dual certificate/smartcard web session management


From: Alexander Kalinovsky <akalinovsky () yahoo com>
Date: Sat, 18 Sep 2004 08:45:31 -0400

As far as I know, this is not possible. Client-side digital certificate authentication is performed via the SSL handshake. To force the user to present another smartcard you would have to terminate the SSL session and force authentication again. This may work in sequence, but not at the same time.

Best Regards,
Alex

Frank Dobb wrote:

Hello,

I am designing an authentication/session management
system for a financial web application. Browsers will
be up-to-date versions of IE, Netscape.

Each client post will have a dual smartcard reader and
two different smartcards will have to be present for
the entire web session.

I am looking for ideas, references, white papers or
any other pointers on how this has been achieved in the past.
Thanks in advance, Frank




                


