What is the current standard of authentification?
I thought it is server and client authentification.
But I typed for e.g. https://www.google.com/ and checked the packages in wireshark. And there is only a server authentification. I am wondering why the server is never sending me the TLS CertificateRequest-message (Isn't it the only way how client-authentification can be accomplished?).
Shouldn't that be standard and why why should a HTTPS-Webserver trust me? (Retrieving a certificate from a common CA should be easy for my webbrowser)
Aucun commentaire:
Enregistrer un commentaire