Mouse wrote:
> Traditionally the term "self-signed" applied to certificates that are NOT
> signed by anybody but the owner of the given key pair. With all the relevant
> security implications.
>
> What is the purpose of checking for "self-signed cert"? To see if only the
> owner signed that key? Or to see that key owner ALSO signed the key?

My example was to clarify the difference between signing and issuing...
checking for self signed key means checking that the signature of the
certificate matches the public key set in the certificate.

From the security point of view checking for a self signed cert is
worthless: Self signed certs are only useful if you got or verified it
with a secure channel outside of the protocol you use. If somebody was
able to modify it in between you are f*ed up anyway. Using self signed
certs in any other way is only for people that pretend to do something
secure...

Bye

Goetz

-- 
DMCA: The greed of the few outweighs the freedom of the many
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
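
The distinction drawn in the reply above, as an added example that is not part of the original message and not OpenSSL code: it uses Go's standard library so it runs without dependencies. It compares "issuer name equals subject name", "signature verifies under the certificate's own public key", and a fingerprint pin obtained out of band. The name `host.example`, the helper names and the sample certificates are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfIssued: issuer name equals subject name, a claim anyone can make.
func selfIssued(c *x509.Certificate) bool { return bytes.Equal(c.RawIssuer, c.RawSubject) }
// selfSigned: the signature verifies under the public key inside the certificate.
func selfSigned(c *x509.Certificate) bool {
	return c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
}

// pinned: the certificate matches a fingerprint obtained over a separate secure channel.
func pinned(c *x509.Certificate, pin [32]byte) bool { return fingerprint(c) == pin }
func fingerprint(c *x509.Certificate) [32]byte      { return sha256.Sum256(c.Raw) }
func newKey() *ecdsa.PrivateKey                     { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// mint builds a constructed sample cert (issuer = subject = CN=cn) with subj's public key, signed by signer.
func mint(cn string, subj, signer *ecdsa.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, t, &subj.PublicKey, signer))))
}

func main() {
	owner, other := newKey(), newKey()
	genuine := mint("host.example", owner, owner) // self-signed by its owner
	swapped := mint("host.example", other, other) // substitute: same name, another key pair
	mixed := mint("host.example", owner, other)   // self-issued name, signed by a different key
	for _, c := range []*x509.Certificate{genuine, swapped, mixed} {
		fmt.Println(selfIssued(c), selfSigned(c), pinned(c, fingerprint(genuine)))
	}
}
```

The substituted certificate passes the self-signed check exactly as the genuine one does; only the comparison against the out-of-band fingerprint tells them apart.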