RE: question about ssl certs

2006-04-20 Thread David Schwartz
> Hi, all. I'm hoping somebody can clarify the confusion for me. > > Do certs need to be guarded or not? Almost never. > Because what happens if > you're doing client-side > authentication and a server asks you for your cert, caches it and > that server is later > compromised?

Re: question about ssl certs

2006-04-20 Thread Richard Salz
> > What will prevent somebody from stealing my cert and > > going around pretending to be me? > > "Okay, if you're Susan, this this blob: xx" Sign. The challenge is "sign this blob" > Without your *private* key, they cannot do that. Therefore, they cannot > pretend to be you. If

Re: question about ssl certs

2006-04-20 Thread Richard Salz
> What will prevent somebody from stealing my cert and > going around pretending to be me? "Okay, if you're Susan, this this blob: xx" Without your *private* key, they cannot do that. Therefore, they cannot pretend to be you. If they did, it would be like accepting a passport or driver's licen

Re: question about ssl

2005-07-08 Thread Jostein Tveit
amineh salehi <[EMAIL PROTECTED]> writes: > at page 72 in rfc2246 :The following cipher specifications are carryovers > from SSL Version 2.0. These are assumed to use RSA for key exchange and > authentication. > my question was about this note. The lines you quoted are at page 66 of RFC2246. DH k

Re: question about ssl

2005-07-08 Thread amineh salehi
at page 72 in rfc2246 :The following cipher specifications are carryovers from SSL Version 2.0. These are assumed to use RSA for key exchange and authentication. my question was about this note. Mr Tveit, please explain more for me about "signature be omitted entirely" in anonymous key exchang

Re: question about ssl

2005-07-07 Thread Jostein Tveit
amineh salehi <[EMAIL PROTECTED]> writes: > in the ciphersuites defined for it in "rfc2246"( TLS1.0), there isn't > Diffie-Hellman key exchange, why? RFC 2246 specifies many DH key exchange cipher suites. Have a look at page 61. > What is the solution for vulnerability in anonymous key exchange

Re: Question about "SSL and TLS" book

2003-10-25 Thread Ohaya
Hi, Thanks. Can you (or anyone else) tell me under what conditions or what determines which of these cases "happens"? In other words, what "decides" to use, say, one certificates only (presumably the root CA cert) vs. certificate chains? takamichi saito wrote: > > > Hi, > > > > I've been

Re: Question about "SSL and TLS" book

2003-10-25 Thread takamichi saito
> Hi, > > I've been reading the subject book, by Eric Rescorla, and ran across the > following passage on page 110 (Chapter 4, under "CertificateRequest"): > > "It is important to note that IF certificate chains are being used, then > the CA name specified in the Certifi

Re: question about SSL libs

2002-12-04 Thread marcus.carey
Just call SSLeay_add_ssl_algorithms(); Marcus - Original Message - From: "Nick Marcantonio" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 04, 2002 11:04 AM Subject: RE: question about SSL libs > Is there anything that SSL_library_init

RE: question about SSL libs

2002-12-04 Thread Nick Marcantonio
!\n"); Regards, Nick Marcantonio [EMAIL PROTECTED] Venturcom, Inc -Original Message- From: marcus.carey [mailto:[EMAIL PROTECTED]] Sent: Monday, November 25, 2002 6:06 PM To: [EMAIL PROTECTED] Subject: Re: question about SSL libs SSL_library_init() registers the available