On Fri, May 05, 2000 at 03:43:33PM -0400, Salz, Rich wrote:
> >Can they use it on any machine?  I thought the certificates are tied
> >to a specific host name.
> 
> Only in that the browser *may* warn you if the CN component doesn't match
> the domain name of the server that the client has connected to.
>       /r$

Yes, but if someone gets your private key they can insert themselves "in the
middle" and the user will not be warned.

The "man in the middle" attack is one of the things that tying the key (and
chaining the certificate to a CA) accomplishes.  Once the private key is
compromised you may as well self-generate your own key.

-- 
Karl Denninger ([EMAIL PROTECTED]) Internet Consultant & Kids Rights Activist
http://www.denninger.net        Cost-effective solutions on the Internet
http://childrens-justice.org    Working to protect children's rights
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
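
The name check discussed in this thread, as an added example that is not part of the original messages: it compares only the names in the presented certificate with the host name the client asked for, so it passes on any machine that holds the certificate and its private key. The certificate dicts are constructed sample data in the shape returned by Python's ssl getpeercert(); the subjectAltName and wildcard handling go beyond the CN-only case mentioned above.

```python
# Added illustration. Handles DNS names only (no IP-address certificates).

def _name_match(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def presented_names(cert: dict) -> list:
    """DNS subjectAltName entries if present, otherwise the subject commonName."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_check(cert: dict, requested_host: str) -> bool:
    """True when the client would see no name-mismatch warning.

    Note the inputs: the certificate and the name the user asked for.
    Nothing here identifies the machine that answered the connection.
    """
    return any(_name_match(n, requested_host) for n in presented_names(cert))

# Constructed sample certificates (not real ones).
SAMPLE_CERT = {"subject": ((("commonName", "www.example.com"),),)}
WILDCARD_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}

if __name__ == "__main__":
    for cert, host in [(SAMPLE_CERT, "www.example.com"),
                       (SAMPLE_CERT, "mail.example.com"),
                       (WILDCARD_CERT, "shop.example.com"),
                       (WILDCARD_CERT, "a.b.example.com")]:
        print(host, "ok" if name_check(cert, host) else "WARN: name mismatch")
```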
