Home page logo

basics logo Security Basics mailing list archives

Re: Stealing certificates
From: "Adrian McCullagh" <Adrian.McCullagh () freehills com>
Date: Fri, 22 Nov 2002 11:16:23 +1000


I am confused by your request for informatiom.

Firstly, the private key is not stored in a certificate only the public key
is embodied in a certificate.

Secondly, it does not matter that someone can so called "steal" a
certificate.  The certificate is meant to be copied and exposed to as many
organisations as possible.

The issue of inserting a fake certificate is very problematical and easy to
achieve.  Especially as the procedure of inserting Certificates has been
published by MS.

Dr. Adrian McCullagh Ph. D.

Direct 61 7 3258 6603
Telephone 61 7 3258 6666
Facsimile 61 7 3258 6444

This email is confidential.  If you are not the intended  recipient,
you must not disclose  or  use the  information  contained in it. If
you have received this email in error,  please notify us immediately
by return email and delete the document.
Freehills is not responsible for any changes made to a document other
than those made by Freehills or for the effect of the changes on the
document's meaning.

Liability is limited by the Solicitors' Limitation of Liability Scheme,
approved under the Professional Standards Act 1994 (NSW)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]