Re: CA Q



Yeah... I'm gonna start a new Root CA company. Revisign, think anyone will trust me?

--
rev

MCT/MCNGP #44
..
"Ben Smith" <online_bensmi@xxxxxxxxxxxxx> wrote in message news:MPG.1d6b8d9bf79c6d54989802@xxxxxxxxxxxxxxxxxxxxxxx
In article <#yvYaiioFHA.3996@xxxxxxxxxxxxxxxxxxxx>, coolromeo29@yahoo.com says...
So far I understand the whole concept of public & private keys, but I guess
my real question is in what situations would you use a CA. The only scenario
that I've done so far is issue a certificate to my IIS webserver. In what
other cases can you use a CA?

Private/Public keys are only useful if you trust that the service/person that possesses the private key is reasonably the party that was issued the key and that the keys can be used for the attempted operation. This is where certification authorities come into play - they provide the trust structure.

For example, I send you a digitally signed e-mail, which means I have
signed the message by using my private key that was associated with a
certificate issued to me by Microsoft, which in turn, came from an
issuing CA which received its cert from a public CA (GTE, Thawte,
Verisign, etc...) Because you trust the root public CA that my cert
chains to, you accept that I am the person that the private keys were
issued to. (meaning that you have some assurance that I really am Ben
Smith). Your computer trusts all CAs in its Trusted Roots.

You need CAs for any kind of distributed encryption/authentication -
SSL, IPSec, Smart Card, Client Auth, 802.1x, S/MIME, etc...

The alternative model is web of trust, which is best described by one
security expert I know as "completely 14th century."



"Ben Smith" <online_bensmi@xxxxxxxxxxxxx> wrote in message
news:MPG.1d6b1c2c28285674989801@xxxxxxxxxxxxxxxxxxxxxxx
> In article <#wDIzUfoFHA.3312@xxxxxxxxxxxxxxxxxxxx>, coolromeo29@yahoo.com says...
>> By using Certification Authority on WIN2K3 server, does all data become
>> encrypted between those with certificates?
>>
>>
>>
>
> Not quite. Public and private keys (as well as generated session keys)
> are used by services for encryption and authentication. The MSPress
> Security+ book has a really good overview of how encryption works. (I
> wrote that chapter).
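
The chain of trust described in the quoted reply above (signer's certificate, issuing CA, root CA in the recipient's trusted roots), as an added example that is not part of the original thread. It assumes the OpenSSL command line rather than Windows Certificate Services, and every name in it (Demo root CA, Demo Issuing CA, ben@example.test) is constructed.

```shell
#!/bin/sh
# Added demo; every name here (Demo root CA, ben@example.test, ...) is constructed.
set -eu

mkreq() {  # $1 = file prefix, $2 = subject CN; writes $1.key and $1.csr
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

build_chain() (  # $1 = empty working directory; body runs in a subshell
  cd "$1"
  # Extensions that mark a certificate as a CA allowed to sign other certs.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
  # Two self-signed roots: "root" anchors the chain, "other" is unrelated.
  for r in root other; do
    mkreq "$r" "Demo $r CA"
    openssl x509 -req -in "$r.csr" -signkey "$r.key" -days 30 \
      -extfile ca.ext -out "$r.crt" 2>/dev/null
  done
  # Issuing CA, signed by the root.
  mkreq ica "Demo Issuing CA"
  openssl x509 -req -in ica.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -days 30 -extfile ca.ext -out ica.crt 2>/dev/null
  # End-entity certificate (the e-mail signer), signed by the issuing CA.
  mkreq user "ben@example.test"
  openssl x509 -req -in user.csr -CA ica.crt -CAkey ica.key -CAcreateserial \
    -days 30 -out user.crt 2>/dev/null
)

chain_ok() {  # $1 = dir, $2 = the one root this relying party trusts
  openssl verify -CAfile "$1/$2.crt" -untrusted "$1/ica.crt" "$1/user.crt" \
    >/dev/null 2>&1
}

d=$(mktemp -d)
build_chain "$d"
chain_ok "$d" root  && echo "trusts Demo root CA:  chain verifies"
chain_ok "$d" other || echo "trusts only other CA: verification fails"
```

The signer's certificate and the issuing CA are identical in both checks; only the relying party's trusted root changes, and that alone decides whether the signature is accepted.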




