On 8/29/23 3:38 PM, Charles Mills wrote:
Not true for a CA root.
Thought experiment: if DigiCert were to misplace their root private
key, would you now be unable to log into amazon.com? (There would be
very disruptive long-term implications, but things would continue to
work in the medium term even without the private key.)
The private key is necessary to be able to*issue* certificates. Tom's
scenario, while it may have some other shortcomings, would work
exactly as Tom supposes.
Fair enough.
I was thinking about a web / email / etc. server not being able to
provide encrypted connections without the key being accessible.
Grant. . . .
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
