Re: [Openvpn-devel] Re: OpenVPN and eToken (on windows).

2006-01-16 Thread Albert Siersema
>>>They can simply replace it with a different CA certificate, so that you >>>authenticate to a server that claims to be your server but actually is a >>>different server that has the same certificate name as your server but >>>was issued by the

Re: [Openvpn-devel] Re: OpenVPN and eToken (on windows).

2006-01-11 Thread Alon Bar-Lev
On 1/11/06, Albert Siersema wrote: > > They can simply replace it with a different CA certificate, so that you > > authenticate to a server that claims to be your server but actually is a > > different server that has the same certificate n

Re: [Openvpn-devel] Re: OpenVPN and eToken (on windows).

2006-01-11 Thread Albert Siersema
> They can simply replace it with a different CA certificate, so that you > authenticate to a server that claims to be your server but actually is a > different server that has the same certificate name as your server but > was issued by the CA t

[Openvpn-devel] AW: [Openvpn-devel] Re: OpenVPN and eToken (on windows).

2006-01-10 Thread Götz Babin-Ebell
Hello Alon, > mts.spb.s...@mail.ru wrote: > > Hello Alon, > > > > ABL> So as long as private keys cannot be extracted... and as long as > > ABL> the attacker does not have access to the CA private key, you are > > ABL> in a good security level. > > The CA certificate I included on the token *DOES

[Openvpn-devel] Re: OpenVPN and eToken (on windows).

2006-01-10 Thread Alon Bar-Lev
mts.spb.s...@mail.ru wrote: Hello Alon, ABL> Sure! I recommend doing so. OK. ABL> So as long as private keys cannot be extracted... and as long as ABL> the attacker does not have access to the CA private key, you are ABL> in a good security level. The CA certificate I included on the token *

[Openvpn-devel] Re: OpenVPN and eToken (on windows).

2006-01-10 Thread Alon Bar-Lev
Hello Andreas, mts.spb.s...@mail.ru wrote: ABL> Putting the CA certificate on the smartcard is a potential ABL> security issue. Each time you log into the token someone can ABL> modify its contents. So, I may safely delete my CA's certificate from the token? Sure! I recommend doing so. I

[Openvpn-devel] Re: OpenVPN and eToken (on windows).

2006-01-10 Thread Alon Bar-Lev
mts.spb.s...@mail.ru wrote: Hello Alon, Thank you, I got it working. I am glad. Is it possible not to keep the "ca.crt" on local disk and fetch it from the token as well? I've put all the certs and keys into PKCS#12 file and imported it into the token - along with the "ca.crt". Currently Op