Re: X.509 Certificate based authentication

That's basically right. I'd rephrase your second point to say that the
client "has" the private key. Ownership is more of a loaded word since it
implies that something can be stolen but still owned by someone else. :)
Essentially, the client signs some data using the private key during the
exchange with the server and the server verifies the signature using the
public key in the certificate that the client sends.

The advantage of using commercial CAs is that they typically chain up to
certificates that are built in to the Windows trusted root certificate
store, so they will be trusted as coming from a known source. Certificates
issued by roots that don't chain to a known trusted root will not verify
automatically unless both parties choose to accept the root CA as a trusted

If your system is issuing the client certificates, then they can be issued
by any CA you want as long as you can convince your clients to trust the
certificate and you configure your servers to do the same. However, if you
need to accept arbitrary certificates, this becomes impractical.

The primary benefit of using certificates and PKI over raw keys is that
there is this hierarchical notion of trust that allows you to know something
about the owners of the keys without having to exchange them manually in
advance. Certificates also attempt to associate some identity info with a
key as well as a validity period and usage restrictions.

The only reason why either party would attempt to contact any of the CAs in
the chain would be to check the certificate revocation list (CRL) of any of
the CAs to see whether or not a particular certificate has been revoked.
Everything else is already in the certificate itself.

I'm not sure about a book, but perhaps Practical Cryptography would be a
good start?

Joe K.

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
<gudujarlson@xxxxxxxxx> wrote in message
Thanks for all the replies. What I hear you saying are the following:

- I cannot assume that anything is unique except the public key (or
public key hash), unless the CA specifically asserts it is unique.
- I can assume that IIS does authenticate that the sender of the
certificate is the owner of the private key.
- In general, I have to do my own identification of the client and
subsequent authorization.

Can you refer me to an authoritative general reference on the subject
(e.g. a book)?

One further question... does IIS need to talk to the Certificate
Authority in order to authenticate the client? If not, what exactly
am I paying for when I buy a certificate from a commercial Certificate
Authority? Why can't I make my own certificates? I'm used to making
my own private-public key pairs for SSH.