On Sat, Jun 17, 2006 14:20:07 PM -0400, Wes Kussmaul ([EMAIL PROTECTED])
wrote:
> First, the self-signed root certificates included in every machine
> generally don't represent any duly constituted public
> authority... There is only one source of duly constituted public
> authority that I know of
Even if your browser was personally installed by the Pope, you still
have the same problem.
First, the self-signed root certificates included in every machine
generally don't represent any duly constituted public authority. They're
typically the product of companies that can be bought and sold
On 6/15/06, Dave Pawson <[EMAIL PROTECTED]> wrote:
3. Endpoint B (server/recipient of REST service)
Registers the CA as a trusted authority (how?)
'Has access' to the private key of the CA (the server and CA are
in reality one and the same organisation)
While that would be possible
"Registers the CA as a trusted authority (how?)"
Yes, that is the entry point into the trust model. A client can only
trust you as much as he trusts the way he got the certificate of the CA
that certified you. So private meetings and USB sticks are usually a
decent way to go, I believe.
This
I'm trying to get my head round a basic setup.
I want to use SSL between a Java client and IIS server.
I'm happy with a self-certification system, i.e. not using Thawte etc.,
since it is currently only a two-terminal setup.
From what I've read to date, openssl seems to fit the bill. I hope so.