Re: SSL Security




Arne <Arne@xxxxxxxxxxxxxxxxxxxxxxxxx> writes:
> Is x.509 certificate the same as Public/private key pair?

identity x.509 digital certificates from the early 90s were frequently
overloaded with personal information and eventually realized to
represent a significant privacy and liability hazard.

digital certificates were introduced to solve a problem in the OFFLINE,
electronic world ... somewhat analogous to the letters of
credit/introduction from the sailing ship days (and before) where the
relying party had no prior information about the party they were dealing
with and no way of directly contacting any responsible party.

an example of the offline, electronic scenario is the email environment
from the early 80s ... where there would be a dial-up to local
electronic post-office, exchange email, and then hang-up. then when
dealing with first time email from total stranger, the recipient had no
way of determining what they were dealing with. digital certificates
could provide trusted distribution of information about the stranger.

one of the pieces of trusted information distributed in this offline
environment could be the stranger's public key ... allowing the
recipient to verify any digital signature generated by the stranger
(with their private key).

another proposal from the early 80s for means of (real-time) trusted
distribution of public key can be found in this old email:
http://www.garlic.com/~lynn/2006w.html#email810515

other discussions about real-time distribution of public key (and
other information) can be found in these collected posts referencing
a "catch-22" situation for the SSL digital certificate certification
authority industry (something they need to improve their integrity,
but at the same time could result in obsoleting the need for them)
http://www.garlic.com/~lynn/subpubkey.html#catch22

and other collected past posts about SSL digital certificates
http://www.garlic.com/~lynn/subpubkey.html#sslcert