Re: Digital verification of authentic documents ?
From: splatter (me_at_me.net)
Date: 10/15/03
- In reply to: phn_at_icke-reklam.ipsec.nu: "Re: Digital verification of authentic documents ?"
Date: Wed, 15 Oct 2003 12:45:50 -0400
<phn@icke-reklam.ipsec.nu> wrote in message
news:bmjsma$2c1s$1@nyheter.ipsec.se...
> splatter <me@me.net> wrote:
>
> > <phn@icke-reklam.ipsec.nu> wrote in message
> > news:bmhp4p$1noa$1@nyheter.ipsec.se...
> >> Richard <qaz1521@hotmail.com> wrote:
> >> > Word 2002 allows you to digitally sign a document using an X.509
> >> > certificate.
> >>
> >> Who would trust Word 2002 (Or anything from redmond ?)
> >>
> >> And the key point is: what's an X.509 certificate worth if
> >> you cannot verify its origin?
>
> > My question to you is are you being a troll or really that ignorant? You
> > verify the certificate by checking the source's revocation list, & making
> > sure the cert is from a trusted source. But you knew that didn't you?
>
> > dp
> I've never been called 'troll' before, do you call anyone "troll"
> that does not share your opinions ?
No, just people that seem to want to bash Microsoft just for the sake of
having something topical to say, i.e. "trolls".
> - That MS Word should function correctly in a seldom used portion
Huh?
> - that the certificate you see is faked. How to check that ? By
> moving upwards. To who ? Depends on certificate issuer, if it's
> a privately (=home made) cert you need to ask the issuer
> Point is , is this really the issuer you "talk to" ?
> If it's issued by, let's say, verislyme, who do they _think_
> they signed this certificate ( veri-sign don't seem to be
> very interested _who_ someone claims to be or represent, they
> only care about the bill is paid)
> - that the cert issuer has nu publicly available revocation list
> and that that list is :
> a/ current
> b/ correct ( which gives us the question again "who do you trust)
>
> Thinking that a document is claimed to be signed by a software
> from a company with the worst most horrible security record
> actually is signed by someone is _far from_ giving me good sleep.
First off, Microsoft's record doesn't have anything to do with anything. I am
far from an MS advocate but your key argument seems to be that 1) you don't
trust MS, and 2) you don't trust Verisign.
If that's the case then don't trust anyone, but don't spread FUD to others.
The fact is when you get a Verisign certificate you provide all your
information to them along with a check. By doing this you have gotten into a
web of trust that allows for other users to check your revocation status,
and then trust you via your connection with that organization. If you're
worried about MIM attacks that is easy enough to track by simply looking at
the certificate's information and comparing it to the sender.
It sounds to me like you just don't buy into the concept at all and have a
bad taste in your mouth about the OP question about a MS product so you
wanted to take an easy jibe. Hence why you were called a troll.
DP
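
The checks argued over in this message (certificate issued by a CA you trust, revocation list signed by that CA, list still current, certificate not on it), as an added Go example that is not part of the original thread. The CA, signer certificate and CRL are constructed in memory; `checkSigner` and `demoPKI` are hypothetical names, and Go 1.21 or later is assumed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"slices"
	"time"
)

// checkSigner accepts leaf only if ca issued it and ca's CRL is authentic, current and does not list it.
func checkSigner(leaf, ca *x509.Certificate, crl *x509.RevocationList, now time.Time) error {
	if err := leaf.CheckSignatureFrom(ca); err != nil { // direct issuer only; leaf.Verify builds full chains
		return fmt.Errorf("not issued by trusted CA: %w", err)
	}
	if err := crl.CheckSignatureFrom(ca); err != nil { // "correct": the list must come from the issuer
		return fmt.Errorf("CRL not signed by issuer: %w", err)
	}
	if now.After(crl.NextUpdate) { // "current": an expired list may miss recent revocations
		return fmt.Errorf("CRL is stale, next update was due %s", crl.NextUpdate)
	}
	if slices.ContainsFunc(crl.RevokedCertificateEntries, func(e x509.RevocationListEntry) bool { return e.SerialNumber.Cmp(leaf.SerialNumber) == 0 }) {
		return fmt.Errorf("certificate serial %s is revoked", leaf.SerialNumber)
	}
	return nil
}

// demoPKI builds constructed sample data: a CA, a signer cert (serial 2) and a one-hour CRL listing revokedSerial.
func demoPKI(revokedSerial int64, now time.Time) (leaf, ca *x509.Certificate, crl *x509.RevocationList) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // CA key pair; errors ignored in this fixture only
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed CA"}, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(48 * time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	ca, _ = x509.ParseCertificate(der)
	pub, _, _ = ed25519.GenerateKey(rand.Reader) // the signer's own public key
	t = &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Constructed Signer"}, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(48 * time.Hour)}
	der, _ = x509.CreateCertificate(rand.Reader, t, ca, pub, key)
	leaf, _ = x509.ParseCertificate(der)
	rl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now.Add(-time.Hour), NextUpdate: now.Add(time.Hour), RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: big.NewInt(revokedSerial), RevocationTime: now}}}
	der, _ = x509.CreateRevocationList(rand.Reader, rl, ca, key)
	crl, _ = x509.ParseRevocationList(der)
	return
}

func main() {
	leaf, ca, crl := demoPKI(2, time.Now()) // the CRL lists the signer's own serial
	fmt.Println(checkSigner(leaf, ca, crl, time.Now()))
}
```

The result depends on every input being authenticated: a CRL signed by some other key, or one past its `NextUpdate`, is rejected before its contents are consulted.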