Re: SSL Security

Arne <Arne@xxxxxxxxxxxxxxxxxxxxxxxxx> writes:
Is an x.509 certificate the same as a public/private key pair?

identity x.509 digital certificates from the early 90s were frequently
overloaded with personal information and eventually realized to
represent a significant privacy and liability hazard.

digital certificates were introduced to solve a problem in the OFFLINE,
electronic world ... somewhat analogous to the letters of
credit/introduction from the sailing ship days (and before) where the
relying party had no prior information about the party they were dealing
with and no way of directly contacting any responsible party.

an example of the offline, electronic scenario is the email environment
from the early 80s ... where there would be a dial-up to local
electronic post-office, exchange email, and then hang-up. then when
dealing with first time email from total stranger, the recipient had no
way of determining what they were dealing with. digital certificates
could provide trusted distribution of information about the stranger.

one of the pieces of trusted information distributed in this offline
environment could be the stranger's public key ... allowing the
recipient to verify any digital signature generated by the stranger
(with their private key).

another proposal from the early 80s for means of (real-time) trusted
distribution of public key can be found in this old email:
http://www.garlic.com/~lynn/2006w.html#email810515

other discussions about real-time distribution of public key (and
other information) can be found in these collected posts referencing
a "catch-22" situation for the SSL digital certificate certification
authority industry (something they need to improve their integrity,
but at the same time could result in obsoleting the need for them)
http://www.garlic.com/~lynn/subpubkey.html#catch22

and other collected past posts about SSL digital certificates
http://www.garlic.com/~lynn/subpubkey.html#sslcert
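The distinction the thread turns on (key pair versus certificate, and a certificate as trusted distribution of a stranger's public key) can be shown end to end. The following is an added example, not code from the post or its author: a CA key pair signs a root certificate, the CA issues a certificate binding the name "stranger@example.test" (a constructed name) to the stranger's public key, the stranger signs a message with the private key, and the recipient, holding only the root, checks that the certificate chains to it and then verifies the signature with the public key carried inside the certificate. The same check is run against an impostor's self-issued certificate bearing the same name and against a tampered message, both of which must be rejected. Go's standard library is used throughout; serial numbers, names and validity period are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKeyPair creates the private/public key pair. The private half stays with
// its owner; only the public half is ever placed inside a certificate.
func newKeyPair() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// issueCert binds a public key to a name and signs that binding with signerKey.
// With parent == nil the certificate signs itself (how a root CA is made).
// Serial, name and validity window are constructed values for this example.
func issueCert(serial int64, name string, pub *ecdsa.PublicKey,
	parent *x509.Certificate, signerKey *ecdsa.PrivateKey, isCA bool) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// signMessage is the stranger's step: a signature made with the private key.
func signMessage(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// acceptMessage is the recipient's step. The recipient holds only the trusted
// root; the stranger's certificate and signed message arrive with the mail.
// Both checks must pass: the certificate chains to the root, and the signature
// verifies under the public key that the certificate carries.
func acceptMessage(root, cert *x509.Certificate, msg, sig []byte) (bool, error) {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return false, fmt.Errorf("certificate not trusted: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return false, fmt.Errorf("unexpected public key type %T", cert.PublicKey)
	}
	digest := sha256.Sum256(msg)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return false, fmt.Errorf("signature does not verify")
	}
	return true, nil
}

// Scenario runs the exchange three ways and reports whether each was accepted:
// a genuine message; the same message from an impostor whose self-issued
// certificate claims the same name; and the genuine certificate with the
// message altered after signing.
func Scenario() (genuine, forged, tampered bool, err error) {
	caKey, err := newKeyPair()
	if err != nil {
		return
	}
	root, err := issueCert(1, "Example Root CA", &caKey.PublicKey, nil, caKey, true)
	if err != nil {
		return
	}
	strangerKey, err := newKeyPair()
	if err != nil {
		return
	}
	strangerCert, err := issueCert(2, "stranger@example.test", &strangerKey.PublicKey, root, caKey, false)
	if err != nil {
		return
	}
	msg := []byte("first contact from a stranger") // constructed sample message
	sig, err := signMessage(strangerKey, msg)
	if err != nil {
		return
	}
	genuine, _ = acceptMessage(root, strangerCert, msg, sig)

	impKey, err := newKeyPair()
	if err != nil {
		return
	}
	impCert, err := issueCert(3, "stranger@example.test", &impKey.PublicKey, nil, impKey, false)
	if err != nil {
		return
	}
	impSig, err := signMessage(impKey, msg)
	if err != nil {
		return
	}
	forged, _ = acceptMessage(root, impCert, msg, impSig)

	tampered, _ = acceptMessage(root, strangerCert, append(msg, '!'), sig)
	return
}

func main() {
	g, f, t, err := Scenario()
	fmt.Printf("genuine=%v forged=%v tampered=%v err=%v\n", g, f, t, err)
}
```

Note that the certificate never contains the private key: issueCert receives only `&strangerKey.PublicKey`, and the recipient verifies with `cert.PublicKey`. The impostor's certificate is a perfectly well-formed x.509 object binding the same name to a different key; it fails only because no party the recipient trusts signed that binding, which is the whole of what a certificate adds beyond the bare key pair.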