On Mon, Jul 28, 2008, Phibo wrote:

> Is it possible for a certificate authority (CA) signing my SSL certificate
> signing request (CSR) to decrypt my own SSL sessions? Or, in other words,
> in a CSR is there enough information about my private key to be able to
> intercept SSL sessions encrypted by my public key?

It can't decrypt anything using your public key, no, because the CSR only contains details of your public key and a digital signature.

A CA could in theory perform a MITM attack by issuing itself a certificate with your identity and containing a public key to which it has the private key.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List
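
The reply's first point can be checked with the openssl command line. The script below is an added example, not part of the original message: it builds a key and a CSR, confirms the CSR carries the public half of the key and a valid self-signature, and searches the raw CSR bytes for one of the private RSA primes. The subject name `example.test`, the file names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Subject name and file names are constructed for illustration.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_csr() {
    # key.pem stays on the requester's machine; req.pem is all the CA receives.
    openssl genrsa -out "$WORK/key.pem" 2048 2>/dev/null
    openssl req -new -key "$WORK/key.pem" -subj "/CN=example.test" \
        -out "$WORK/req.pem"
}

csr_pubkey_matches_key() {
    # The key inside the CSR is exactly the public half of the local key.
    from_csr=$(openssl req -in "$WORK/req.pem" -noout -pubkey)
    from_key=$(openssl pkey -in "$WORK/key.pem" -pubout)
    [ "$from_csr" = "$from_key" ]
}

csr_signature_ok() {
    # The signature only proves the requester holds the matching private key.
    openssl req -in "$WORK/req.pem" -noout -verify 2>&1 | grep -q "verify OK"
}

csr_contains_secret_prime() {
    # Search the raw CSR bytes for the RSA prime p, a private-key component.
    p=$(openssl pkey -in "$WORK/key.pem" -noout -text |
        awk '/^prime1:/{f=1;next} /^[^ ]/{f=0} f' | tr -d ' :\n' | sed 's/^00//')
    [ -n "$p" ] || return 0   # fail closed if the prime could not be extracted
    csr_hex=$(openssl req -in "$WORK/req.pem" -outform DER |
        od -An -v -tx1 | tr -d ' \n')
    case "$csr_hex" in *"$p"*) return 0 ;; *) return 1 ;; esac
}

make_csr
csr_pubkey_matches_key && echo "CSR carries the public half of the local key"
csr_signature_ok && echo "CSR self-signature verifies"
csr_contains_secret_prime || echo "private prime p does not occur in the CSR"
```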
