RE: domain check vs pubkey check

2007-07-23 Thread Jim Fox
You are in a place where theory and practice converge. The security model assumes you don't trust a CA (in the technical sense) if you don't trust the CA (in the normal sense). It is built around the assumption that a client's list of trusted CAs will be intelligently managed to include only

RE: domain check vs pubkey check

2007-07-23 Thread David Schwartz
> Perhaps wandering a bit off-topic, but in practice many CAs which are
> trusted by most browsers will issue certificates to whomever controls
> a domain at the time the cert is issued, and so there's very little
> difference between trusting DNS and trusting DNS+SSL for site
> authentication (th

Re: domain check vs pubkey check

2007-07-22 Thread Scott Gifford
"David Schwartz" <[EMAIL PROTECTED]> writes: >> Hi, a question about the SSL: >> >> In SSL, the server certificate is checked by the >> client as to whether the server actually holds the >> private key of it. This is done by client sending the >> session key signed by server's public key. >> >> So

RE: domain check vs pubkey check

2007-07-18 Thread David Schwartz
> Hi, a question about the SSL:
>
> In SSL, the server certificate is checked by the
> client as to whether the server actually holds the
> private key of it. This is done by client sending the
> session key signed by server's public key.
>
> So, why is there a need for a check of domain name in
>

Re: domain check vs pubkey check

2007-07-18 Thread Victor Duchovni
On Wed, Jul 18, 2007 at 11:38:57AM -0700, Soner Sevin? wrote:
> Hi, a question about the SSL:
>
> In SSL, the server certificate is checked by the
> client as to whether the server actually holds the
> private key of it. This is done by client sending the
> session key signed by server's public k

domain check vs pubkey check

2007-07-18 Thread Sevin
Hi, a question about the SSL: In SSL, the server certificate is checked by the client as to whether the server actually holds the private key of it. This is done by client sending the session key signed by server's public key. So, why is there a need for a check of domain name in the server certi