On Thu, 6 Dec 2001, Rich Salz wrote:
rsalz> So the ability to trust your certificate depends on the ability to
rsalz> trust DNS.
rsalz>
rsalz> It's like building a castle on a foundation of sand.
Well, you surely have a point here.
If you replicate my site and fake my DNS zone, then everyone who
resolves through your DNS would install your fake CA certificate, and
would access your fake site with no problems, receiving your fake certs
signed by your fake CA. After that you would be able to get sensitive
information such as usernames and passwords...
So, in conclusion: I can't have a self-signed CA in any way?
What about giving the certificate fingerprint to my users? Not
in an electronic way but on a piece of paper? So they could check at
install time.
--
Paulo Matos
----------------------------------- ----------------------------------
|Sys & Net Admin | Serviço de Informática |
|Faculdade de Ciências e Tecnologia | Tel: +351-21-2948596 |
|Universidade Nova de Lisboa | Fax: +351-21-2948548 |
|P-2829-516 Caparica | e-Mail: [EMAIL PROTECTED] |
----------------------------------- ----------------------------------
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
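
The install-time check proposed in the message above, sketched as an added example that is not part of the original post or of OpenSSL. It assumes a SHA-256 fingerprint over the certificate's DER encoding (the message names no algorithm); the function names and both sample certificates are hypothetical, constructed stand-ins.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_from_pem(pem_text):
    """Return the DER bytes of the single certificate in pem_text."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        # A bundle could carry an extra, unverified CA alongside the real one.
        raise ValueError("expected exactly one certificate, found %d" % len(blocks))
    return base64.b64decode("".join(blocks[0].split()), validate=True)

def fingerprint(pem_text):
    """SHA-256 over the DER encoding, as colon-separated upper-case hex."""
    digest = hashlib.sha256(der_from_pem(pem_text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def matches_printed(pem_text, typed):
    """Compare the file's fingerprint with what the user reads off the paper."""
    hexdigits = re.sub(r"[\s:]", "", typed).lower()
    # Require the full digest: a truncated value must never count as a match.
    if not re.fullmatch(r"[0-9a-f]{64}", hexdigits):
        return False
    actual = hashlib.sha256(der_from_pem(pem_text)).hexdigest()
    return hmac.compare_digest(actual, hexdigits)

def make_pem(der):
    """Wrap bytes in PEM armour (used only to build the constructed samples)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

# Constructed stand-in bytes, not real certificates. The fingerprint is a hash
# of the raw DER bytes, so the check behaves the same on a real CA file.
GENUINE_CA = make_pem(b"constructed stand-in for the real CA certificate DER")
SPOOFED_CA = make_pem(b"constructed stand-in for a substituted CA certificate")

if __name__ == "__main__":
    printed = fingerprint(GENUINE_CA)  # the value handed out on paper
    for name, pem in (("genuine", GENUINE_CA), ("spoofed", SPOOFED_CA)):
        print(name, "install" if matches_printed(pem, printed) else "REFUSE")
```

The comparison only helps if the printed value reaches the user over a channel the DNS spoofer does not control, which is the point of handing it out on paper.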