Thank you for your reply and patience =o) - this *something* is the public key within the certificate. As I see it, the information is already present through the correlation between the public and private key.

As of yet there has been no response to this point: Is it not true that although I may connect to someone with a copy of a certificate containing only a public key, they can do nothing (can't sign), and understand nothing (can't decrypt), as they do not possess the private key. Is this not true? This is the point I am trying to understand. If it is not true, then why? How do they send data with correct signatures? How is the data decrypted at their end? If this is true I need no unique ID such as DNS, I simply require a response from the peer, and close connections if data signatures do not match. Am I wrong?

Regards,
Jan

On Thu, 2002-01-10 at 17:51, Rich Salz wrote:
> Sorry I was not clear enough.
>
> I connect to www.foo.com over SSL, and everything validates. The
> server's certificate says "joe" in the DN.
>
> How do I know that joe is "www.foo.com"? There must be *something* in
> the certificate that identifies the host.
> /r$
> --
> Zolera Systems, http://www.zolera.com
> Information Integrity, XML Security
>
> ______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
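The identity binding Rich Salz is asking about, as an added example that is not part of either message: a host-name check in the style of RFC 6125 run over a constructed dictionary shaped like the output of Python's `ssl.SSLSocket.getpeercert()`. The TLS handshake already proves that the peer holds the private key matching the presented certificate (the point Jan raises); the check below is the separate step that ties that certificate to the host name the client meant to reach, which a DN saying "joe" does not do on its own. The certificate contents, the issuer name and the `verify_peer` helper are constructed for this example, not taken from OpenSSL or from the thread.

```python
"""Tie a validated certificate to the host name the client intended to reach.

Added example; the certificate dictionaries are constructed in the shape
that ssl.SSLSocket.getpeercert() returns.
"""
from __future__ import annotations

import ipaddress

# Constructed: the DN says "joe", but subjectAltName lists the hosts
# the certificate is actually valid for. Issuer name is hypothetical.
JOE_CERT = {
    "subject": ((("commonName", "joe"),),),
    "issuer": ((("commonName", "Example CA"),),),
    "subjectAltName": (
        ("DNS", "www.foo.com"),
        ("DNS", "*.foo.com"),
        ("IP Address", "192.0.2.10"),
    ),
}

# Constructed: an older-style certificate with no SAN, so only the CN exists.
LEGACY_CERT = {
    "subject": ((("commonName", "www.foo.com"),),),
    "issuer": ((("commonName", "Example CA"),),),
}


def _dns_label_match(pattern: str, hostname: str) -> bool:
    """Case-insensitive DNS-name match. A single '*' is accepted only as the
    whole left-most label and never matches across a dot (RFC 6125 rules)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Refuse "w*.foo.com", "*.com", "*.*.com" and any '*' outside label 0.
    if p_labels[0] != "*" or "*" in pattern[1:] or len(p_labels) < 3:
        return False
    if len(p_labels) != len(h_labels):
        return False  # "*.foo.com" must not match "a.b.foo.com"
    return p_labels[1:] == h_labels[1:]


def names_in_cert(cert: dict) -> tuple[list[str], list[str]]:
    """Return (dns_names, ip_addresses) the certificate claims to identify.
    The CN is consulted only when the certificate carries no SAN at all."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value)
        elif kind == "IP Address":
            ips.append(value)
    if not dns and not ips:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    dns.append(value)
    return dns, ips


def hostname_matches(cert: dict, expected: str) -> bool:
    """True if the certificate names the host (or IP) we intended to reach."""
    dns, ips = names_in_cert(cert)
    try:
        addr = ipaddress.ip_address(expected)
    except ValueError:
        addr = None
    if addr is not None:
        # IP literals are compared as addresses, never against DNS patterns.
        return any(ipaddress.ip_address(ip) == addr for ip in ips)
    return any(_dns_label_match(p, expected) for p in dns)


def verify_peer(cert: dict, expected_host: str, chain_ok: bool) -> str:
    """Both conditions are required: a validated chain (which, with the
    handshake, shows the peer holds the private key) AND a name match."""
    if not chain_ok:
        return "reject: chain did not validate"
    if not hostname_matches(cert, expected_host):
        return f"reject: certificate names do not include {expected_host}"
    return "accept"


if __name__ == "__main__":
    for host in ("www.foo.com", "joe", "mail.foo.com", "a.b.foo.com"):
        print(host, "->", verify_peer(JOE_CERT, host, chain_ok=True))
```

The `"joe"` case is the one from the thread: the chain validates and the peer demonstrably holds the private key, yet the connection is still rejected because nothing in the certificate binds it to that name.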