--0-548178878-1140116327=:22482
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Hi:
I am working on securing a webservice front-ended by the Apache webserv=
er.
=20
It is possible that in this application the requirements will be :
(1) Clients be authenticated using a password they enter using a form t=
hat is secured using https. For this I am planning to download mod_ssl an=
d get a certificate from Versign/Thwate. I have the information I need to=
enable this [documentation avail on the net].
=20
(2) Once the client is verified, then it is possible that subsequent in=
teractions of that client will include 'getting' documents from this webs=
ite. The only caveat is: It is possible that once signed in, the exchange=
between the client/server will require no encryption, but only a digital=
signature to guarantee that the document has not been tampered with.
=20
My question relates to (2). Is it possible to set up mod_ssl + apache c=
onfiguration that the sign-in of the client happens using a form enabled =
over https [contents are encrypted]. But subsequent interactions of an au=
thenticated client do not suffer encryption while simultaneously providin=
g a digital signature guarantee [hence ensuring that the document is tamp=
er-proof]? so basically- I am asking=20
2.1) is it possible to turn on signing while disabling encryption?
2.2) Is this possible to do over one webserver using virtual hosts or w=
ill I need more than one instance of the service?
=20
Thanks in advance.
Arjun Khanna.
=20

=09
---------------------------------
Relax. Yahoo! Mail virus scanning helps detect nasty viruses!
--0-548178878-1140116327=:22482
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Hi:
I am working on securing a webservice front-ended by=
the Apache webserver.
 
It is possible that=
in this application the requirements will be :
(1) Clients b=
e authenticated using a password they enter using a form that is secured =
using https. For this I am planning to download mod_ssl and get a certifi=
cate from Versign/Thwate. I have the information I need to enable this [d=
ocumentation avail on the net].
 
(2) Once t=
he client is verified, then it is possible that subsequent interactions o=
f that client will include 'getting' documents from this website. The onl=
y caveat is: It is possible that once signed in, the exchange between the=
client/server will require no encryption, but only a digital signature t=
o guarantee that the document has not been tampered with.
&nb=
sp;
My question relates to (2). Is it possible to set up mod_=
ssl + apache configuration that the sign-
in of
the client happens using a form enabled over https [contents are encrypt=
ed]. But subsequent interactions of an authenticated client do not suffer=
encryption while simultaneously providing a digital signature guarantee =
[hence ensuring that the document is tamper-proof]?  so basically- I=
am asking
2.1) is it possible to turn on signing while disa=
bling encryption?
2.2) Is this possible to do over one webser=
ver using virtual hosts or will I need more than one instance of the serv=
ice?
 
Thanks in advance.
Arjun =
Khanna.
 



Relax. Yahoo! Mail=20
http://commu=
nications.yahoo.com/features.php?page=3D221">virus scanning helps det=
ect nasty viruses!
--0-548178878-1140116327=:22482--
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org