Security Basics mailing list archives
Re: SSL Certificate - Internal CA vs "well known CA"
From: Pranay Kanwar <warl0ck () metaeye org>
Date: Tue, 07 Aug 2007 02:30:21 +0530
The following points can accommodate this An open CA is vulnerable to key substitution and other forms of attacks. Lets suppose you create a certificate and distribute it by email or on the web how can one verify its correctness ? For example, if you website says *install this certificate* how can one validate that your's certificate is the intended one and no one during that time has compromised the connection to your server and presented an invalid certificate ?. The trusted CA's also use other forms of validation. You can use internal CA and keep things secure, but again the certificate distribution will be another cryptographic problem. regards warl0ck // MSG sfmailsbm () gmail com wrote:
Dear List, Just wanted to understand why using a "well known 'trusted' CA" (e.g. verisign) is more secure than using an Internal CA to manage Certificates e.g. if a company wants to publish a non-financial site (as opposed to, say, Internet Banking) would not an Internal CA be as Secure as an external one? What is the real (security) benefit of using (expensive) external (e.g. Verisign) Certs? Thanks you for your comments
Current thread:
- SSL Certificate - Internal CA vs "well known CA" sfmailsbm (Aug 06)
- Re: SSL Certificate - Internal CA vs "well known CA" Vinicius Vianna (Aug 06)
- Re: SSL Certificate - Internal CA vs "well known CA" Pranay Kanwar (Aug 06)
- SSL Certificate: Any Recommendations on Specific Vendors Iwekani Mukoma (Aug 06)
- Re: SSL Certificate: Any Recommendations on Specific Vendors MaddHatter (Aug 08)
- Message not available
- Fwd: SSL Certificate - Internal CA vs "well known CA" kevin fielder (Aug 08)
- RE: SSL Certificate - Internal CA vs "well known CA" Burns, Doug (Aug 08)
- SSL Certificate: Any Recommendations on Specific Vendors Iwekani Mukoma (Aug 06)
- <Possible follow-ups>
- Re: SSL Certificate - Internal CA vs "well known CA" Eric G (Aug 08)