« More wisdom from the CIA | Main | The tree house model of software engineering »

Wednesday, 04 August 2010

What do digital certificates really mean?

- Luther Martin

What do digital certificates really mean? The best discussion of this may be the one that I recently read in Peter Gutmann's book Engineering Security. Here's how Peter describes this:

As a pure speech act, what a certificate is saying is that at some point some entity who may or may not be the one named in the certificate probably requested that another entity who may or may not be the one named elsewhere in the certificate took the public components of a private key that the first entity may or may not control and asked the second entity to sign it using a private key that they may or may not control. However once it’s gone through many, many layers of software this has changed to (for example) a statement that the user has definitely connected to a web site controlled by the named entity, and by the time it gets to the user it’s jumped even further to become an assurance that it’s safe to enter sensitive personal and financial information on the web site!

Posted by Luther Martin on August 4, 2010 in Books , Crypto , Security , Technology | Permalink

Technorati Tags: ,

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e55375ef1c8833013485e03ea0970c

Listed below are links to weblogs that reference What do digital certificates really mean?:

Comments

Post a comment

If you have a TypeKey or TypePad account, please Sign In.

Voltage Data Breach Index

  • Grab the Voltage Data Breach Index

February 2012

Sun Mon Tue Wed Thu Fri Sat
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29      
« | Main | »

Categories

Recent Posts

Links

Archives

More...

Subscribe to this blog's feed