Re: digital certificate question

From: Cacca Mucca (caccamucca@gmail.com)
Date: Fri Apr 13 2007 - 17:49:52 ART


Tipsy or not, looks like a good answer to me.

On 4/13/07, TAM <auha84@dsl.pipex.com> wrote:
>
> I'll have a go at this, though after a few(...) beers things are
> starting to get hazy.
>
> Say Peer C gets the certificate, all it contains is PeerB's public key
> and the signature of the CA. That's fine for initiating communications
> with whomever Peer C wants, but what happens when Peer A (or any peer
> that Peer C attempts to communicate with) replies to Peer C? Peer
> A/other will encrypt its reply with Peer C's (really B's) Public key,
> so the only node that can DEcrypt it is the owner of B's Private key
> - namely B, and not Peer C. So Peer C may see data coming back from
> Peer A but it will be unable to decipher it.
>
> I'm sure someone can explain it a little better than this (and highlight
> the downside to writing emails while a little tipsy..)
>
> Thanks,
>
> TAM
>
>
> Edward Norton wrote:
> > Folks;
> > I have spent some time reading and testing the point of using digital
> > certificate as a way of origin authentication with VPN peers, there is a
> > question which bothers my theory understanding which is as follows
> >
> > if peerA wants to check that peerB is actually peerB, he would
> > request the digital certificate of peerB (which contains peerB Public key
> > and the signature of the CA) ... on peerA there are two certificates, his
> > own identity certificate and the certificate of the CA (which contains the
> > public key of the CA and will validate the signature of peerB certificate)
> >
> > all that is ok, now the question is .. since peerB sends out his
> > digital certificate to anyone who requests to authenticate with him .. why not
> > someone (peerC) gets this certificate .. install it and act as if he is peerB
> > ??
> >
> > I am sure I must be missing something here ... can someone explain this
> >
> > thanks
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:35 ART
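
The point made in the reply above, as an added example that is not part of the original thread: peerA checks the CA signature on the certificate and then challenges the peer to decrypt a nonce encrypted to the certificate's public key, which peerC cannot do with a copied certificate. It uses textbook RSA with keys constructed from Mersenne primes purely for illustration (no padding, not secure), and all function and variable names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys in this example


def keypair(p, q):
    """Textbook RSA from two primes: returns (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def issue_cert(subject, subject_n, signer_n, signer_d):
    """A certificate here is just: subject name, subject public key, signer's signature."""
    body = f"{subject}|{subject_n}".encode()
    return {"subject": subject, "n": subject_n,
            "sig": pow(digest(body, signer_n), signer_d, signer_n)}


def cert_is_valid(cert, ca_n):
    """Verify the signature with the CA public key that peerA already holds."""
    body = f"{cert['subject']}|{cert['n']}".encode()
    return pow(cert["sig"], E, ca_n) == digest(body, ca_n)


def authenticate(cert, ca_n, peer_private_d):
    """peerA's view of the exchange; peer_private_d is whatever key the remote end holds."""
    if not cert_is_valid(cert, ca_n):
        return False
    nonce = 2 + secrets.randbelow(2**64)                # fresh challenge (0 and 1 excluded)
    challenge = pow(nonce, E, cert["n"])                # encrypted to the key in the cert
    answer = pow(challenge, peer_private_d, cert["n"])  # remote peer's decryption attempt
    return answer == nonce


# Constructed toy keys (Mersenne primes); real keys come from a proper RSA generator.
CA_N, CA_D = keypair(2**521 - 1, 2**607 - 1)
B_N, B_D = keypair(2**89 - 1, 2**127 - 1)
C_N, C_D = keypair(2**61 - 1, 2**107 - 1)

CERT_B = issue_cert("peerB", B_N, CA_N, CA_D)    # public: anyone may obtain a copy
FORGED = issue_cert("peerB", C_N, C_N, C_D)      # peerC's own key, signed by peerC

if __name__ == "__main__":
    print("peerB presenting its cert:      ", authenticate(CERT_B, CA_N, B_D))
    print("peerC presenting peerB's cert:  ", authenticate(CERT_B, CA_N, C_D))
    print("peerC presenting a forged cert: ", authenticate(FORGED, CA_N, C_D))
```

The second case fails at the challenge and the third fails at the CA signature check, so the copied certificate is only useful together with peerB's private key.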