Hello :(

As usual trolling..

        The particular pages or components retrieved over the SSL link (the ones
retrieved through URLs beginning with 'https') will be sent over encrypted
links. In addition, the endpoint will be validated, so that if you retrieve
'https://www.amazon.com/anything/goes/here', you will receive a warning if
it cannot be established that the data came from 'www.amazon.com'.

        When you generate a certificate, you do it as follows:

        1) You create a new random private key and public key.

        2) You generate a certificate request that includes the public key.

        3) You sign the certificate request with the private key (to prove that
you know it)

        4) You send the certificate request to a certificate authority.

5) The certificate authority verifies the name you claim in the certificate
request to make sure it belongs to you. They verify that the request was
signed with the private key corresponding to the public key in the
certificate.



How? Which means he needs to have my un-encrypted pub_key :( so Step 3 is a bit confusing, or is it "attached" separately?


        6) The certificate authority issues a certificate that says that your
name is associated with your public key. They sign it with their public key.

The certificate is generally considered public information. All it does is
convey the true fact that the certification authority has established that
the name in the certificate is the name of the holder of the private key
that corresponds to the public key in it.



So now I shall be able to fake the certificate :( ....

        You can now prove that you are you by presenting the certificate and
then proving that you know the private key. This is usually done by challenging
you to sign something with it or decrypt something with it.

        DS




Who challenges the certification authority? Maybe that's why all those nice IE browsers have
"trusted authorities" etc. under tools->internetoptions->content->certificates, which probably contains the authorities' "pub_key" which he has used to sign my pub_key


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
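
The certificate request, issuance and challenge steps discussed in this thread, as an added example that is not part of the original messages. It assumes the openssl command-line tool is on the PATH; "Demo CA", www.example.com and all file names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Names, subjects and paths are constructed; "Demo CA" is a
# throwaway local stand-in for a real certificate authority.
D=$(mktemp -d)

issue() {
    # Stand-in CA: its own key pair and self-signed certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$D/ca.key" \
        -subj "/CN=Demo CA" -days 1 -out "$D/ca.pem" 2>/dev/null || return 1
    # Steps 1-3: new key pair; the request carries the public key in the
    # clear and is signed with the matching private key.
    openssl req -new -newkey rsa:2048 -nodes -keyout "$D/holder.key" \
        -subj "/CN=www.example.com" -out "$D/req.pem" 2>/dev/null || return 1
    # Step 5: the CA checks that signature with the key inside the request.
    openssl req -in "$D/req.pem" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    # Step 6: the CA issues a certificate binding the name to the public key.
    openssl x509 -req -in "$D/req.pem" -CA "$D/ca.pem" -CAkey "$D/ca.key" \
        -CAcreateserial -days 1 -out "$D/cert.pem" 2>/dev/null || return 1
    # A second key pair, for someone who has only a copy of the certificate.
    openssl genrsa -out "$D/other.key" 2048 2>/dev/null
}

csr_pubkey_matches() {   # the public key in the request is readable by anyone
    a=$(openssl req -in "$D/req.pem" -noout -pubkey 2>/dev/null)
    b=$(openssl pkey -in "$D/holder.key" -pubout 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

chain_ok() {             # relying party: trusts only the CA certificate
    openssl verify -CAfile "$D/ca.pem" "$D/cert.pem" >/dev/null 2>&1
}

proves_possession() {    # $1 = private key the claimant actually holds
    openssl rand -hex 16 > "$D/nonce"    # fresh challenge
    openssl dgst -sha256 -sign "$1" -out "$D/sig" "$D/nonce" || return 1
    openssl x509 -in "$D/cert.pem" -noout -pubkey > "$D/cert.pub"
    openssl dgst -sha256 -verify "$D/cert.pub" -signature "$D/sig" "$D/nonce" \
        2>/dev/null | grep -q "Verified OK"
}

issue || echo "setup failed (is openssl installed?)"
csr_pubkey_matches && echo "request carries the holder's public key"
chain_ok && echo "certificate verifies against the CA certificate"
proves_possession "$D/holder.key" && echo "private key holder passes the challenge"
proves_possession "$D/other.key" || echo "copied certificate alone fails the challenge"
```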



