|
-
March 10th, 2005, 11:58 AM
#1
How CA works???
Hi all,
i tried google but was unable to find a decent tutorial on "How Certificate Authority (CA) Works". Any one having any fair idea or link can share with me????
Thanks
Excuse me, is there an airport nearby large enough for a private jet to land?
-
March 10th, 2005, 01:21 PM
#2
What you should look for is how PKI (Public Key Infrastructure) works. This article from SANS: http://www.sans.org/rr/whitepapers/vpns/764.php should help. Basically, they provide public certificates.
I've added a visual from another SANS paper that doesn't seem available but graphically gives a nice view as to what a CA/RA does. Hope this helps.
-
March 10th, 2005, 03:02 PM
#3
mmkahn, MsMittens has it dead on (as usual) but I've got the 20 second answer for you.
CA's verify the identity of the person or organization asking for a certificate. Any fool can install apache, mod_ssl, and open_ssl and put up a website with a certificate...but modern browsers won't (or SHOULDN'T, but that goes beyond my 20 seconds) recognize it as authentic and verified. That's what you pay the CA for, who will check business records, domain registries, etc. before signing a certificate.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
March 10th, 2005, 03:07 PM
#4
That's what you pay the CA for, who will check business records, domain registries, etc. before signing a certificate.
Theoretically, of course. I seem to remember Microsoft's public certificate was "stolen" by an imposter at one point. See the MS Security Bulletin here on that one. But the lack of CRL checking by many browsers (I noticed that FireFox has this built-in as an option) means that many fraudulant certificates could be out there...
-
March 10th, 2005, 03:34 PM
#5
Thanks MsM and Zencoder for quick replies,
@MsM the guide is very informative and now i have a clear picture of what i wanted to know. Can u post the link or name of the pki-ca.jpg's paper.
Thanks
[Edit]
Sorry for the double post, i donot know how it happened.
@MsM Thanks for the link but if u give me the name of paper or title of the paper then i can easily find it.
Thanks again,
[/Edit]
Excuse me, is there an airport nearby large enough for a private jet to land?
-
March 10th, 2005, 03:39 PM
#6
That paper was previously on SANS but seems gone. Here's the link anyways: http://www.sans.org/rr/encryption/PKI_101.php If you find it somewhere, perhaps posting the link of the updated version would be good.
-
March 10th, 2005, 04:42 PM
#7
Also, you might be interested to have a look at this page....
http://www.opengroup.org/messaging/G...i_tutorial.htm
Cheers
\"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts\".....Spaf
Everytime I learn a new thing, I discover how ignorant I am.- ... Black Cluster
-
March 10th, 2005, 04:48 PM
#8
Thank goodness for the WayBack Machine. I found an archived copy of the paper there: http://web.archive.org/web/200304151...on/PKI_101.php It was called "Public Key Infrastructure (PKI) – 101".
-
March 11th, 2005, 05:46 AM
#9
Thanks for the replies guys (esp. MsM)
Excuse me, is there an airport nearby large enough for a private jet to land?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
