Security Basics mailing list archives

Re: Stealing certificates

From: "Adrian McCullagh" <Adrian.McCullagh () freehills com>
Date: Fri, 22 Nov 2002 11:16:23 +1000


Rygg,

I am confused by your request for informatiom.

Firstly, the private key is not stored in a certificate only the public key
is embodied in a certificate.

Secondly, it does not matter that someone can so called "steal" a
certificate.  The certificate is meant to be copied and exposed to as many
organisations as possible.

The issue of inserting a fake certificate is very problematical and easy to
achieve.  Especially as the procedure of inserting Certificates has been
published by MS.

Dr. Adrian McCullagh Ph. D.
Solicitor
Freehills

Direct 61 7 3258 6603
Telephone 61 7 3258 6666
Facsimile 61 7 3258 6444
http://www.freehills.com

--------------------------------------------------------------------
FREEHILLS
This email is confidential.  If you are not the intended  recipient,
you must not disclose  or  use the  information  contained in it. If
you have received this email in error,  please notify us immediately
by return email and delete the document.
Freehills is not responsible for any changes made to a document other
than those made by Freehills or for the effect of the changes on the
document's meaning.

Liability is limited by the Solicitors' Limitation of Liability Scheme,
approved under the Professional Standards Act 1994 (NSW)
--------------------------------------------------------------------

Current thread:

Stealing certificates Rygg Christian (Nov 21)
- RE: Stealing certificates Walter Williams (Nov 25)
- <Possible follow-ups>
- Re: Stealing certificates Adrian McCullagh (Nov 22)
- RE: Stealing certificates Rygg Christian (Nov 25)