Re: How can I act as a Certificate Authority (CA) with openssl ??
From: Dr. David Kirkby (see_my_signature_for_my_real_address_at_hotmail.com)
Date: 09/28/04
- Next message: Tom St Denis: "Gentoo Linux insecurities..."
- Previous message: Paul Rubin: "Re: How can I act as a Certificate Authority (CA) with openssl ??"
- In reply to: Davide Bianchi: "Re: How can I act as a Certificate Authority (CA) with openssl ??"
- Next in thread: Bruno Wolff III: "Re: How can I act as a Certificate Authority (CA) with openssl ??"
- Reply: Bruno Wolff III: "Re: How can I act as a Certificate Authority (CA) with openssl ??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 28 Sep 2004 03:55:51 -0700
Davide Bianchi <davideyeahsure@onlyforfun.net> wrote in message news:<slrnclhunp.1ij.davideyeahsure@fogg.onlyforfun.net>...
> On 2004-09-27, Dr. David Kirkby <see_my_signature_for_my_real_address@hotmail.com> wrote:
> > I (name David) want to put a secure web server up for a friend (Paul)
> > to he can access some documents securely for himself, no matter where
> > in the world he is. Whilst signing the certificate myself (saying I'm
> > Micky Mouse if I want) is okay for our purposes, I'd like (just out of
> > interest) to know how to be a Certificating Authority (CA).
>
> To become a CA you need to 'register' yourself as a CA by submitting
> the request to whoever is managing the first-level domain registration
> in your country. Every country have different way, but basically they
> require that you are a corporation or business body with certain cash
> available (aka: you don't disappear in a puff of smoke after 2 years
> or so) and you need to follow other guidelines.
But as far as I am aware, there is nothing legally (in the UK at
least) stopping me signing a digital certificate, verifying the
identity of someone else, then putting that on a web site. Of course,
whether a third party chooses to trust me is entirely up to them.
Being a 'nobody', I don't suppose others would attach too much weight
to it.
As long as you have a fixed IP (IP address = A.B.C.D), there is
nothing stopping me having a secure server at https://A.B.C.D, without
any domain name, so the point about the top level domain can't really
be valid.
I can see that the cost of certificates might make some companies
think about doing their own. If the securtiy office, or HP department
of a company wishes to sign digital signatures for staff, I can't see
why they should not do so. I'm sure if Microsoft signed their own
certificates, in a way verifyable from the homepage of
www.microsoft.com, that would satisfy most poeple.
I was more interested in this for the technical reasons, rather than
for any other purpose, since the certificate is going to go onto a
site that is password protected, and will only be accessable to 2 or 3
people. So the fact the rest of the world does not trust me, makes no
difference at all.
> And BTW, don't sign your certificate with MM: you'll get sued by
> Disney.
Point taken!
> Davide
David Kirkby
- Next message: Tom St Denis: "Gentoo Linux insecurities..."
- Previous message: Paul Rubin: "Re: How can I act as a Certificate Authority (CA) with openssl ??"
- In reply to: Davide Bianchi: "Re: How can I act as a Certificate Authority (CA) with openssl ??"
- Next in thread: Bruno Wolff III: "Re: How can I act as a Certificate Authority (CA) with openssl ??"
- Reply: Bruno Wolff III: "Re: How can I act as a Certificate Authority (CA) with openssl ??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
