|FROM ||Ruben Safir
|SUBJECT ||Subject: [hangout] Fwd: Re: [wwwac] Suggestions for SSL Certificate Authorities [email@example.com]
|From owner-hangout-desteny-at-mrbrklyn.com Sat Jan 26 21:46:41 2002
Received: (from mdom-at-localhost)
by www2.mrbrklyn.com (8.11.2/8.11.2/SuSE Linux 8.11.1-0.5) id g0R2kdD18513
for hangout-desteny; Sat, 26 Jan 2002 21:46:39 -0500
Received: from www2 (localhost [127.0.0.1])
by www2.mrbrklyn.com (8.11.2/8.11.2/SuSE Linux 8.11.1-0.5) with ESMTP id g0R2kdL18508
for ; Sat, 26 Jan 2002 21:46:39 -0500
Date: Sat, 26 Jan 2002 21:46:39 -0500
From: Ruben Safir
Subject: [hangout] Fwd: Re: [wwwac] Suggestions for SSL Certificate Authorities [wwwac-at-underwood.electricmindcontrol.net]
References: <184.108.40.206.0.20020126185346.03653e48-at-underwood.electricmindcontrol.net> <220.127.116.11.0.20020126182931.03d62da8-at-earthlink.net> <18.104.22.168.0.20020126182931.03d62da8-at-earthlink.net> <20020126203953.I17559-at-www2.mrbrklyn.com> <22.214.171.124.0.20020126185346.03653e48-at-underwood.electricmindcontrol.net> <20020126205721.O17559-at-www2.mrbrklyn.com> <126.96.36.199.0.20020126191124.03a80c68-at-underwood.electricmindcontrol.net> <20020126214540.C18447-at-www2.mrbrklyn.com>
Content-Type: text/plain; charset=ISO-8859-1
In-Reply-To: <20020126214540.C18447-at-www2.mrbrklyn.com>; from ruben-at-mrbrklyn.com on Sat, Jan 26, 2002 at 21:45:40 -0500
X-Mailer: Balsa 1.2.3
Reply-To: Ruben Safir
List: New Yorkers Linux Scene
Admin: To unsubscribe send unsubscribename-at-domian.com to hangout-request-at-www2.mrbrklyn.com
Can someone help this poor lost soul....
He's very confused about certificates for the web
and asymetric encryption
On 2002.01.26 21:17:56 -0500 Tim wrote:
No, it doesn't.
It works like this:
* I roll my own certificate.
* Jon Q. Hacker decides to impersonate me.
* Jon Q. Hacker redirects some DNS to a clone
of my site. (details of this left as an exercise-
maybe he just registers a type-URL, whatever.)
* Jon Q. Hacker rolls his own certificate with my
name on it
* Ruben types my URL, but the compromised DNS
points to JQH's box. Certificate says "Tim".
Ruben tells JQH confidential stuff meant only
for me (Tim).
With a third party such as verisign, you have verisign's
signature on the particular certificate I send.
JQH can still send you a certificate, but it won't be
signed. The signature of the trusted third party tells
the user that the key they're receiving to communicate
with me as actually MINE, not just one with my name on it.
Anyhow, I'm not interested in rolling my own. The question
Any suggestions on a good CA to use?
At 08:57 PM 1/26/2002 -0500, Ruben Safir wrote:
>On 2002.01.26 20:56:59 -0500 Tim wrote:
> >>Kinda defeats the purpose of have a cert, doesn't it?
>Not at all.
>Public key assymetric cryptografy solves the problem
>totally without the need for a third party involved.
>Of couse, if you trust verisign, you should know they have
>given away Microsoft certificates to anyone who knocks on
>their door and asks.
>No THAT defeats the purpose of the certificate.
>Brooklyn Linux Solutions
>http://www.mrbrklyn.com - Consulting
>http://www.brooklynonline.com - For the love of Brooklyn
>http://www.nylxs.com - Leadership Development in Free Software
>http://www.nyfairuse.org - The foundation of Democracy
>http://www2.mrbrklyn.com/resources - Unpublished Archive or stories and
>articles from around the net
>http://www2.mrbrklyn.com/mp3/hooked.mp3 - Spring is coming....
>http://www2.mrbrklyn.com/downtown.html - See the New Downtown Brooklyn....
>## The World Wide Web Artists' Consortium --- http://www.wwwac.org/ ##
>## To Unsubscribe, send an e-mail to: wwwac-unsubscribe-at-lists.wwwac.org ##
Brooklyn Linux Solutions
http://www.mrbrklyn.com - Consulting
http://www.brooklynonline.com - For the love of Brooklyn
http://www.nylxs.com - Leadership Development in Free Software
http://www.nyfairuse.org - The foundation of Democracy
http://www2.mrbrklyn.com/resources - Unpublished Archive or stories and articles from around the net
http://www2.mrbrklyn.com/mp3/hooked.mp3 - Spring is coming....
http://www2.mrbrklyn.com/downtown.html - See the New Downtown Brooklyn....
New Yorker Linux Users Scene
Fair Use -
because it's either fair use or useless....