Re: simple question about certificate chains

From: Edward A. Feustel (efeustel_at_direcway.com)
Date: 07/05/05


Date: Tue, 5 Jul 2005 07:18:12 -0400


"Maik Wiege" <mswiege*nospam*@gmx.de> wrote in message
news:dadlb7$260d$1@ulysses.news.tiscali.de...
>> Dunno what this has to do with ssh?
> Sorry - mistyped that! Meant SSL of course.
>> Anyway, it won't work out
>> unless you control/manipulate the dns server setup in the client
>> system. Your browser will check the cert against reverse DNS and
>> bail out if these don't match, end of story.
> OK, I understand that's for servers, but what about client
> certificates (I know that they are not used that much by now, but
> what if they will become obligatory for online banking for example
> in the future - or whatever)? Isn't the idea of the certificate,
> that I could be pretty sure who I'm talking to and doesn't the
> chaining screw the whole idea up?
> just thinking...
>
> greetings
> Maik
>
The key to the whole certificate idea is keeping private keys private!
You might be amazed at the effort that the certificate authorities such
as Verisign, RSA, Trust, etc. put into guarding their private keys. If
the private keys are lost or someone invents a method to obtain them,
the whole scheme goes down the drain. As long as the private keys are
not compromised and as long as you have turned on Certificate Validation
(many people don't), you have some assurance that you are talking to an
authenticated entity.

Ed
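
Added example (not part of the original post): a small shell script that uses the openssl command line to show why the private keys carry the trust in a chain. Every name, subject and file in it is constructed for the demo. It goes slightly beyond the reply by also checking an end-entity certificate used as an issuer.

```shell
#!/bin/sh
# Added example. Every name, subject and file here is constructed for the demo.

# issue NAME CN ISSUER EXTFILE: new key pair, certificate signed with ISSUER's
# private key (ISSUER=self gives a self-signed root).
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
  if [ "$3" = self ]; then
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 30 \
      -extfile "$4" -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" \
      -CAcreateserial -days 30 -extfile "$4" -out "$1.pem" 2>/dev/null
  fi
}

# verdict ROOT UNTRUSTED LEAF: validate LEAF with ROOT as the only trust anchor.
verdict() {
  if openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
  then echo accepted; else echo rejected; fi
}

demo() (
  dir=$(mktemp -d) && cd "$dir" || exit 1
  echo 'basicConstraints=critical,CA:TRUE'  > ca.ext
  echo 'basicConstraints=critical,CA:FALSE' > ee.ext

  # Genuine chain: root -> intermediate -> leaf.
  issue root "Demo Root CA" self ca.ext
  issue int  "Demo Intermediate CA" root ca.ext
  issue leaf "bank.example" int ee.ext
  echo "genuine=$(verdict root.pem int.pem leaf.pem)"

  # Look-alike chain: identical names, but every key was generated separately,
  # so nothing in it is signed by the trusted root's private key.
  issue xroot "Demo Root CA" self ca.ext
  issue xint  "Demo Intermediate CA" xroot ca.ext
  issue xleaf "bank.example" xint ee.ext
  echo "impostor=$(verdict root.pem xint.pem xleaf.pem)"

  # A genuine end-entity certificate (CA:FALSE) used as if it were a CA.
  issue sub "other.example" leaf ee.ext
  cat int.pem leaf.pem > bundle.pem
  echo "leaf_as_ca=$(verdict root.pem bundle.pem sub.pem)"
  cd / && rm -rf "$dir"
)

demo
```

Copying the names in a chain is not enough to pass validation, and neither is holding a valid end-entity certificate; only a signature made with a CA's private key is.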
