[jdev] Re: TLS and self-signed certs
David Waite
dwaite at gmail.com
Thu Nov 11 23:44:25 CST 2004
On Thu, 11 Nov 2004 19:54:49 -0800, Neil Stevens <neil at hakubi.us> wrote:
> Also, remember that different people have different threat models to
> address. Someone in the old hypothetical revolutionary conspiracy can't
> afford to depend on large institutional corporations to sign their
> certificates, but still might want to protect their communications from
> eavesdropping.
Err, except to have a certificate issued means that your public key
has been verified as being from you - VeriSign for instance never sees
your private key. They only see what they would get anyway by
connecting to the socket you are running on.

There is a lot more risk in trusting a self-signed certificate as a
CA, since that certificate can then be used to generate certificates
for any other domain.
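
An added example, not part of the original message: one way to accept a single self-signed server certificate without installing it as a CA is to pin its SHA-256 fingerprint, so that it vouches for that one server and nothing else. The function names and the direct-TLS connection (no STARTTLS negotiation) are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize_pin(pin: str) -> str:
    """Accept 'AB:CD:...' or 'abcd...' and return lowercase hex without colons."""
    return pin.replace(":", "").strip().lower()


def matches_pin(der_cert: bytes, pin: str) -> bool:
    """True only if this exact certificate is the pinned one (constant-time compare)."""
    return hmac.compare_digest(fingerprint(der_cert), normalize_pin(pin))


def connect_pinned(host: str, port: int, pin: str, timeout: float = 10.0) -> ssl.SSLSocket:
    """Open a TLS connection and keep it only if the peer certificate matches the pin.

    Chain validation is switched off on purpose: the self-signed certificate is
    never placed in a trust store, so it cannot act as an issuer for other
    names. The fingerprint comparison is the only trust decision made here.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # no CA-based validation at all
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)  # DER bytes, available even with CERT_NONE
    if der is None or not matches_pin(der, pin):
        tls.close()
        raise ssl.SSLError("peer certificate does not match the pinned fingerprint")
    return tls
```

The pin has to be obtained over a channel the client already trusts, and it must be updated whenever the server's certificate is replaced.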