Yes - you are correct...if that entity that does the interception is able to handle that key without corrupting it - and gets in to the objective server before the real sender establishes a connection. This kind of phishing and interception is not fast enough to do the interception, make contact and establish a legitimate connection all at once. The interceptor would be doing the "man in the middle" stuff - and it ain't going to work. There needs to be at least 2 more established handshakes for this type of interception you are speaking of. With speed - it's pretty much a non-happening event.

-----Original Message-----
From: david [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 17, 2005 9:23 AM
To: Rich Salz
Cc: [email protected]
Subject: Re: Re: simple question again

> > if somebody intercepts the certificate while it is in transit on the network, this person can use this certificate?
>
> If you have a certificate you can verify something that's been signed
> with the private key, or you can encrypt something so that only the
> holder of the private key can decrypt it.
>
> You can't "do anything bad" with a certificate. In particular, you
> cannot sign anything with it.

In fact I use a certificate to establish a VPN; the handshake is based only on the certificate. Thus if somebody intercepts a certificate, can they use the VPN? (because the VPN server accepts all connections if it knows the CA which signed the certificate of the user)

thx for your answers

david

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
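
Added example, not part of the original thread or of OpenSSL: a simplified model of the point quoted above that a certificate cannot sign anything, applied to the VPN question. It assumes the server sends a fresh nonce and the client signs it; the key is textbook RSA over two constructed toy primes, all names are hypothetical, and the CA signature check on the certificate is left out.

```python
# Toy model of certificate-based client authentication (added example).
# Textbook RSA over fixed Mersenne primes: illustration only, never real use.
import hashlib
import secrets

P, Q = 2**127 - 1, 2**89 - 1         # constructed toy key material
N, E = P * Q, 65537                  # public key: what the certificate carries
D = pow(E, -1, (P - 1) * (Q - 1))    # private key: never sent on the wire

# The certificate travels in clear during the handshake (constructed sample).
CERT = {"subject": "CN=david (constructed)", "n": N, "e": E}


def digest(nonce: bytes, n: int) -> int:
    """Hash the server's challenge into the RSA group."""
    return int.from_bytes(hashlib.sha256(nonce).digest(), "big") % n


def client_sign(nonce: bytes, d: int, n: int) -> int:
    """Proof of possession: needs the private exponent d."""
    return pow(digest(nonce, n), d, n)


def server_verify(cert: dict, nonce: bytes, signature: int) -> bool:
    """Check the signature over the server's own nonce with the cert's key."""
    return pow(signature, cert["e"], cert["n"]) == digest(nonce, cert["n"])


def handshake(cert: dict, signer) -> bool:
    """One connection attempt: fresh nonce, then verify the peer's answer."""
    nonce = secrets.token_bytes(32)  # chosen by the server, new every time
    return server_verify(cert, nonce, signer(nonce))


def legitimate_client(nonce: bytes) -> int:
    return client_sign(nonce, D, N)


# An eavesdropper recorded one complete legitimate exchange.
captured_nonce = secrets.token_bytes(32)
captured_sig = client_sign(captured_nonce, D, N)


def replaying_peer(nonce: bytes) -> int:
    """Holds CERT and an old signature but not D, so it can only replay."""
    return captured_sig


if __name__ == "__main__":
    print("legitimate client accepted:", handshake(CERT, legitimate_client))
    print("replayed capture accepted: ", handshake(CERT, replaying_peer))
```

The replay is rejected because the recorded signature covers the old nonce, not the one the server just issued; a server that only checked the CA chain and skipped this signature check would accept anyone holding the certificate.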
