Hi,
I'm just starting to lok at iis as the web server for hosting an internet
site.
What extra level of security does client certificates provide. ? If i don't
reuqire client certificates what extra level of security am i sacrificing?

As far as i'm aware they aren't needed for encyrpting the sesssion key( used
for encypting all data transfers) , so do they just add a bit extra verification/authentication
of the client, nothing to do with encryption?
Reading the online help for IIS states:
"The basic, industry standard client certificate contains several items of
information: the identity of the user, the identity of the certificate authority,
a key file used for establishing secure communications, and validation information,
such as an expiration date and serial number".

What is this key file and what is it used for?

Thanks for all info.

client certificates are used to verify user identity, when data is encrypted
with private key it insures that the data hasn't been tampered with.
certificates are used for SSL, and you only need SSL if you transmitt sensitive
info.

Sergey..

"john harkin" <john.harkin@singularity.co.uk> wrote:
>
>Hi,
>I'm just starting to lok at iis as the web server for hosting an internet
>site.
>What extra level of security does client certificates provide. ? If i don't
>reuqire client certificates what extra level of security am i sacrificing?
>
>As far as i'm aware they aren't needed for encyrpting the sesssion key(
used
>for encypting all data transfers) , so do they just add a bit extra verification/authentication
>of the client, nothing to do with encryption?
>Reading the online help for IIS states:
>"The basic, industry standard client certificate contains several items
of
>information: the identity of the user, the identity of the certificate authority,
>a key file used for establishing secure communications, and validation information,
>such as an expiration date and serial number".
>
>What is this key file and what is it used for?
>
>Thanks for all info.