Security Basics mailing list archives
RE: Digital Certification Revocation
From: "Peter, Matt" <matt.peter () capgemini com>
Date: Fri, 18 Sep 2009 12:42:41 -0400
Isn't that something you would put in your will and require be executed? If you're this paranoid you could require two unrelated parties do it together. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of M.D.Mufambisi Sent: Friday, September 18, 2009 11:36 AM To: Tracy Reed Cc: pen-test () securityfocus com; security-basics Subject: Re: Digital Certification Revocation Thanks tracy. In the event that i die, what stops someone with access to my digital certification pose as me? Does someone have to revoke MY certificate in the even of my death? Regards Munya On 9/17/09, Tracy Reed <treed () ultraviolet org> wrote:
On Wed, Sep 16, 2009 at 06:53:26PM +0200, M.D.Mufambisi spake thusly:Another question from yours truly. When someone has a digital certificate, and then passes away (dies) how does the Revocation authority get to know about this so as to disallow further use of that persons digital cert?The authority needs to be sent a revocation request signed by the certificate being revoked. It is good practice to generate this revocation request at key generation time and keep it in a safe place. This is because if the signing key is lost such that no signed revocation certificate can be generated it becomes impossible to revoke. Similarly, if the private signing key is encrypted and the owner of the key takes the password to their grave it is impossible to generate a revocation certificate. -- Tracy Reed http://tracyreed.org
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Digital Certification Revocation M.D.Mufambisi (Sep 17)
- Re: Digital Certification Revocation Tracy Reed (Sep 17)
- Re: Digital Certification Revocation M.D.Mufambisi (Sep 18)
- Re: Digital Certification Revocation Tracy Reed (Sep 18)
- RE: Digital Certification Revocation Peter, Matt (Sep 18)
- Re: Digital Certification Revocation M.D.Mufambisi (Sep 18)
- RE: Digital Certification Revocation David Gillett (Sep 18)
- Re: Digital Certification Revocation M.D.Mufambisi (Sep 18)
- Re: Digital Certification Revocation Tracy Reed (Sep 17)