On 4/04/2018 11:02 PM, Alan Altmark wrote:
Because you accessed the web site via https://, causing the transmission of the
key to be encrypted and tamper-proof. Further, Charles' web site uses a
certificate published by a Certificate Authority that YOU trust. Or more
precisely, he uses a CA that the vendor of your browser trusts. You trust your
vendor implicitly by using their browser.
THAT is what CA/Browser Forum (CAB) industry group is all about.
Right, but I was just nitpicking the statement that a public key on a
website doesn't require a CA.
Whether the key itself is signed by a CA, or a second key used to
establish a secure session to get the first key is signed by a CA, a CA
is still involved.
--
Andrew Rowley
Black Hill Software
+61 413 302 386
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
