Re: digital certificate question

From: Cacca Mucca (caccamucca@gmail.com)
Date: Fri Apr 13 2007 - 17:43:17 ART


I'm reaching way back into my gray matter and typing from memory, so if I'm
wrong, someone please jump in and correct me.

There is a big point that you are missing, and that is that there are 2 digital
certificates: 1 public and 1 private.

Public is sent out, while private never gets sent out.

PeerA sends a digitally signed message, using PeerA's public key, and sends an
encrypted message to PeerB, using PeerB's public key. PeerB uses PeerB's
private key to decrypt the message and responds to PeerA using PeerA's
public key. PeerA uses PeerA's private key to read the message.

PeerC cannot read the message and act like PeerB without PeerB's private
key.

And yes, keys do get compromised; that is why there are the CA revocation
lists, etc.

HTH

On 4/13/07, Edward Norton <doubleccie@yahoo.com> wrote:
>
> Folks,
> I have spent some time reading and testing the point of using digital
> certificates as a way of origin authentication with VPN peers. There is a
> question which bothers my understanding of the theory, which is as follows:
>
> If peerA wants to check that peerB is actually peerB, he would request
> the digital certificate of peerB (which contains peerB's public key and the
> signature of the CA). On peerA there are two certificates: his own
> identity certificate and the certificate of the CA (which contains the
> public key of the CA and will validate the signature of peerB's certificate).
>
> All that is OK. Now the question is: since peerB sends out his digital
> certificate to anyone who requests to authenticate with him, why couldn't someone
> (peerC) get this certificate, install it, and act as if he is peerB??
>
>
> I am sure I must be missing something here... Can someone explain this?
>
> Thanks
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
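The exchange the thread is circling around can be run end to end in code. The following is an added example, not code from either poster or from any vendor's VPN implementation: it uses Go's standard crypto/x509 and crypto/ecdsa packages to stand up a hypothetical lab CA, enroll "peerB", and then have a verifier (PeerA's role) check two things: that the presented certificate chains to the trusted CA, and that the presenter can sign a fresh nonce with the private key belonging to that certificate. The certificate itself is public and copyable; the challenge-response is what a copy alone cannot pass. The CA name, peer names and the 32-byte nonces are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Peer is what a party really holds: the certificate is public and anyone may copy it,
// but only the private key can answer a challenge. Names below are hypothetical lab names.
type Peer struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// issue generates a key pair and a certificate signed by parent (self-signed when parent
// is nil), which is what the CA does when it enrolls a VPN peer.
func issue(cn string, serial int64, parent *Peer) (*Peer, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	parentCert, signer := tmpl, key // self-signed root CA
	if parent == nil {
		tmpl.IsCA = true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
		parentCert, signer = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der) // cert is nil when err != nil
	return &Peer{Cert: cert, Key: key}, err
}

// prove is the responder's side: sign the verifier's nonce with the private key.
func (p *Peer) prove(nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, p.Key, digest[:])
}

// authenticate is PeerA's side: the presented certificate must chain to the trusted CA,
// and the signature over PeerA's fresh nonce must verify under that certificate's key.
func authenticate(ca, presented *x509.Certificate, nonce, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := presented.Verify(opts); err != nil {
		return fmt.Errorf("certificate not trusted: %w", err)
	}
	pub, ok := presented.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(nonce)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("proof of possession failed: signature does not match the certificate's key")
	}
	return nil
}

// RunScenario enrolls PeerB under a lab CA and reports which attempts authenticate:
// the genuine PeerB, an impostor PeerC holding only PeerB's certificate, and a replay.
func RunScenario() (genuine, impostor, replay bool, err error) {
	ca, err := issue("Lab CA", 1, nil)
	if err != nil {
		return
	}
	peerB, err := issue("peerB", 2, ca)
	if err != nil {
		return
	}
	nonce1, nonce2 := make([]byte, 32), make([]byte, 32) // PeerA's per-session challenges
	rand.Read(nonce1)
	rand.Read(nonce2)
	// Genuine PeerB holds the private key matching the certificate it presents.
	sigB, _ := peerB.prove(nonce1)
	genuine = authenticate(ca.Cert, peerB.Cert, nonce1, sigB) == nil
	// PeerC copied PeerB's public certificate but can only sign with a key of its own.
	cKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	sigC, _ := (&Peer{Cert: peerB.Cert, Key: cKey}).prove(nonce2)
	impostor = authenticate(ca.Cert, peerB.Cert, nonce2, sigC) == nil
	// Replaying PeerB's earlier signature fails too, because PeerA's nonce is fresh.
	replay = authenticate(ca.Cert, peerB.Cert, nonce2, sigB) == nil
	return
}
```

`RunScenario` returns `genuine == true` and `impostor == false`: the copied certificate passes the chain check (it is a perfectly valid certificate), but the signature over the nonce does not verify under the public key inside it, so the verifier rejects the session. The replay case is why the challenge must be fresh per session; IKE achieves the same effect by having each side sign material that includes the other side's nonce. Revocation, which the reply mentions, is the separate mechanism for the case where PeerB's private key itself has leaked.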



This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:35 ART