Full Disclosure mailing list archives
Re: PGP vs. certificate from Verisign
From: Ben Laurie <ben () algroup co uk>
Date: Sat, 10 May 2003 21:03:40 +0100
Steve Poirot wrote:
I'm 98% sure that the key pair is generated on the client machine and that just the public key is transmitted to the CA. The reason I say 98% instead of 100% is that it's possible that a CA just makes it look like that's what's happening. This could be verified by sniffing the session.
Well, the amusing thing is you can do it either way. As it happens neither Thawte nor Verisign (yeah, OK, they're the same thing) have sold out enough to generate private keys. I still hear people telling me occasionally that there are sound reasons for having the CA generate the private key. Strangely they never quite get round to specifying what those reasons are. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- PGP vs. certificate from Verisign Kamal Habayeb (May 09)
- Re: PGP vs. certificate from Verisign Valdis . Kletnieks (May 09)
- Re: PGP vs. certificate from Verisign Shawn McMahon (May 09)
- Re: PGP vs. certificate from Verisign Scott M. Algatt (May 09)
- Re: PGP vs. certificate from Verisign Anne Carasik (May 09)
- Re: PGP vs. certificate from Verisign Georgi Guninski (May 10)
- RE: PGP vs. certificate from Verisign Kamal Habayeb (May 10)
- Re: PGP vs. certificate from Verisign Steve Poirot (May 10)
- Re: PGP vs. certificate from Verisign Derek Atkins (May 10)
- Re: PGP vs. certificate from Verisign Ben Laurie (May 10)
- Re: PGP vs. certificate from Verisign Jason (May 10)
- Re: PGP vs. certificate from Verisign yossarian (May 10)
- [OFFTOPIC] PGP vs. certificate from Verisign Kurt Seifried (May 10)
- Re: [OFFTOPIC] PGP vs. certificate from Verisign yossarian (May 10)
- Re: PGP vs. certificate from Verisign Valdis . Kletnieks (May 09)
- Re: PGP vs. certificate from Verisign Jason (May 10)
- Re: PGP vs. certificate from Verisign Georgi Guninski (May 11)
- <Possible follow-ups>
- RE: PGP vs. certificate from Verisign Evans, TJ (BearingPoint) (May 09)
- Re: PGP vs. certificate from Verisign yossarian (May 09)
- Re: PGP vs. certificate from Verisign Jason (May 10)
- Re: PGP vs. certificate from Verisign yossarian (May 10)
- Re: PGP vs. certificate from Verisign yossarian (May 09)
