# Comment by ☕️ mozz

=> /s/Gemini/1111 Re: "hobby coder here with a question.  When implementing client..."
=> /s/Gemini In: s/Gemini

the certificate is signed -> the certificate cannot be generated without the owner's private key -> the certificate's hash cannot be generated without the owner's private key -> the certificate hash cannot be spoofed

=> /u/mozz ☕️ mozz
2023-05-27 · 1 year ago

## 3 Later Comments ↓

=> /u/skyjake/1116 🕹️ skyjake [mod...] · 2023-05-27 at 06:34:
You may be interested in this thread where the same topic came up:
=> /s/Bubble/149 — /s/Bubble/149

=> /u/alexlehm/1119 🤖 alexlehm · 2023-05-27 at 08:56:
I had a big problem convincing people on another project that the way client hashes are used are in fact secure (since I asked how to do that in a Java server). In the end it turned out to work quite well, I use that in my chat server

=> /u/gritty/1143 🍀 gritty [OP] · 2023-05-27 at 16:34:
perfect, that's what I thought. thanks everyone!

# Original Post

=> /s/Gemini 🌒 s/Gemini
hobby coder here with a question.  When implementing client authentication, do we just store the tls client hash? If so how is this not able to be spoofed? I'm guessing there is some public key authentication going on in the background. looking at the spec and some searches only helped a little.
=> /s/Gemini/1111 💬 gritty · 4 comments · 2023-05-27 · 1 year ago · #certificates #client_certificates #programming