on 6/15/01 10:59 AM, Steven Fisher at [EMAIL PROTECTED] wrote:
> In short, can someone give me a "Personal Certificates For Dummies!"
> summary?
In short, skipping all the technicalities:
* legit certificates are the kind that you purchase from the rip-off artists
known as Verisign, for example. They maintain and sell legit security
certificates, that therefore can verify that you are who you claim to say
you are.
* private certificates are, essentiall, roll-your-own certificates, that are
not 'backed by the certificate authority', but they are commonly used by
those who administer their own server, and do not have any need for an
'official' certificate while still wanting to provide relative security of
data via SSL.
Legit certificates cost money, which explains the popularity of the private
certificates. Further, while in theory the certificate authority should
assure the identity of those it issues certificates to, the recent case of
Verisign assigning a certificate for Microsoft to someone else pretty much
proves the flaws in this model of 'trust' - and also pretty much undermines
the trust in such self-proclaimed authorities....
Anyone feel free to add.
Harry
---
http://www.zinkdifferent.com
To unsubscribe send mail to [EMAIL PROTECTED]
To search the archives:
<http://www.mail-archive.com/macie-talk%40lists.boingo.com/>
