re:
http://www.garlic.com/~lynn/aadsm27.htm#22 A crazy thought?
for some other topic drift regarding certification authorities ... having been
certification
authorities for digital certificates targeted at the (electronic but)
offline market
... they encountered a number of issues in the mid
into support
problems (that is, of course you can hack it in, but browsers won't
understand it, and developers won't support you).
re:
http://www.garlic.com/~lynn/aadsm27.htm#22 A crazy thought?
http://www.garlic.com/~lynn/aadsm27.htm#26 A crazy thought?
http://www.garlic.com/~lynn/aadsm27.htm#27
Allen wrote:
Hi Gang,
In a class I was in today a statement was made that there is no way that
anyone could present someone else's digital signature as their own because no
one has has their private key to sign it with. This was in the context of a
CA certificate which had it inside. I
Allen wrote:
Hi Gang,
In a class I was in today a statement was made that there is no way that
anyone could present someone else's digital signature as their own
because no one has has their private key to sign it with. This was in
the context of a CA certificate which had it inside. I tried
At 06:28 AM 5/27/2007, Allen wrote:
Validating a digital signature requires getting the public key from
some source, like a CA, or a publicly accessible database and
decrypting the signature to validate that the private key associated
with the public key created the digital signature, or open
Allen wrote:
Which lead me to the thought that if it is possible, what could be done
to reduce the risk of it happening?
It occurred to me that perhaps some variation of separation of duties
like two CAs located in different political environments might be used
to accomplish this by having
Allen,
I am not sure what you are trying to achieve. The CA never has your
private key. They are just signing a X.509 certificate that holds your
public key. This way they are vouching that that you own the public.
Even if you subpoena a CA they won't be able to decrypt any
information encrypted
Two birds with one shot. :)
Ali, Saqib wrote:
I am not sure what you are trying to achieve. The CA never has your
private key. They are just signing a X.509 certificate that holds your
public key. This way they are vouching that that you own the public.
Even if you subpoena a CA they won't be
On Sat 5/26/2007 at 8:59 PM Allen [EMAIL PROTECTED]
wrote:
Validating a digital signature requires getting the public key from
some source, like a CA, or a publicly accessible database and
decrypting the signature to validate that the private key associated
with the public key created the
On Sat, 26 May 2007, Allen wrote:
Validating a digital signature requires getting the public key from
some source, like a CA, or a publicly accessible database and
decrypting the signature to validate that the private key associated
with the public key created the digital signature, or open
Jim Dixon wrote:
[snip]
The CA certifies that X is your public key.
^
Who is you? That is the real question. To leave CAs out for the
moment, imagine J. Doe and J. Doe, two different people, each put
a public key on a server and you get a message created
Hi Gang,
In a class I was in today a statement was made that there is no way
that anyone could present someone else's digital signature as their
own because no one has has their private key to sign it with. This
was in the context of a CA certificate which had it inside. I tried
to suggest
12 matches
Mail list logo