> Whether the key itself is signed by a CA Keys are not signed, at least not generally.
Messages may be signed; a process that involves two keys. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Andrew Rowley Sent: Wednesday, April 4, 2018 3:56 PM To: [email protected] Subject: Re: Software Delivery on Tape to be Discontinued On 4/04/2018 11:02 PM, Alan Altmark wrote: > Because you accessed the web site via https://, causing the transmission of > the key to be encrypted and tamper-proof. Further, Charles' web site uses a > certificate published by a Certificate Authority that YOU trust. Or more > precisely, he uses a CA that the vendor of your browser trusts. You trust > your vendor implicitly by using their browser. > > THAT is what CA/Browser Forum (CAB) industry group is all about. Right, but I was just nitpicking the statement that a public key on a website doesn't require a CA. Whether the key itself is signed by a CA, or a second key used to establish a secure session to get the first key is signed by a CA, a CA is still involved. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
