RE: digital certificate question

From: anthony.sequeira@thomson.com
Date: Fri Apr 13 2007 - 19:29:32 ART


I NEVER police this list as you all know...but I am afraid I must speak
up here.

The ONLY time tipsy posts are permitted to GroupStudy is when you have
passed the Lab within the preceding 48 hours.

TAM - I have contacted Paul and your posting privileges have been
revoked. <hic>

Anthony J Sequeira a.k.a. Samuel Adams
#15626

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
TAM
Sent: Friday, April 13, 2007 4:35 PM
To: Edward Norton
Cc: ccielab@groupstudy.com; security@groupstudy.com
Subject: Re: digital certificate question

I'll have a go at this, though after a few(...) beers things are
starting to get hazy.

Say Peer C gets the certificate, all it contains is PeerB's public key
and the signature of the CA. That's fine for initiating communications
with whomever Peer C wants, but what happens when Peer A (or any peer
that Peer C attempts to communicate with) replies to Peer C? Peer
A/other will encrypt its reply with Peer C's (really B's) Public key,
so the only node that can DEcrypt it is the owner of the B's Private key
- namely B, and not Peer C. So Peer C may see data coming back from
Peer A but it will be unable to decipher it.

I'm sure someone can explain it a little better than this (and highlight
the downside to writing emails while a little tipsy..)

Thanks,

TAM
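Added example, not part of the thread and not anyone's production code: a toy model of the exchange TAM describes, built on textbook RSA with small parameters so it runs on its own (real VPN peers use X.509 certificates, padded signatures and, in IKE, a signed exchange rather than this bare nonce). Peer C installs a copy of Peer B's certificate. The copy still verifies under the CA key, because it is genuine, but C can neither sign Peer A's challenge nor decrypt a reply encrypted to the certified key, since both need B's private key, which never left B. The names (`PeerB`, `run_scenario`, `forged_name_rejected`) and the scenario itself are assumptions of this example.

```python
"""Toy demonstration (constructed for this example, not from the thread):
a stolen certificate proves nothing without the matching private key."""
import hashlib
import math
import random


def _is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin primality test; adequate for a toy key generator."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand


def generate_keypair(rng, bits=512):
    """Textbook RSA key pair: public (n, e), private (n, d). Toy sizes only."""
    e = 65537
    while True:
        p = _random_prime(bits // 2, rng)
        q = _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def _digest(*parts):
    """SHA-256 over the parts as an integer; always below the 512-bit modulus."""
    h = hashlib.sha256()
    for part in parts:
        h.update(str(part).encode())
        h.update(b"|")
    return int.from_bytes(h.digest(), "big")


def sign(priv, *parts):
    n, d = priv
    return pow(_digest(*parts), d, n)


def verify(pub, sig, *parts):
    n, e = pub
    return pow(sig, e, n) == _digest(*parts)


def issue_certificate(ca_priv, subject, subject_pub):
    """The CA binds a name to a public key by signing both together."""
    return {"subject": subject, "pub": subject_pub,
            "ca_sig": sign(ca_priv, subject, *subject_pub)}


def verify_certificate(cert, ca_pub):
    return verify(ca_pub, cert["ca_sig"], cert["subject"], *cert["pub"])


def authenticates_with(cert, ca_pub, claimant_priv, rng):
    """Peer A's view: valid cert AND a fresh nonce signed by the certified key."""
    if not verify_certificate(cert, ca_pub):
        return False
    nonce = rng.getrandbits(128)
    response = sign(claimant_priv, "challenge", nonce)  # whatever the claimant holds
    return verify(cert["pub"], response, "challenge", nonce)


def can_read_reply(cert, reader_priv, rng):
    """Peer A encrypts to the certified public key; only that key's owner recovers it."""
    n, e = cert["pub"]
    secret = rng.getrandbits(128)
    ciphertext = pow(secret, e, n)
    rn, rd = reader_priv
    return pow(ciphertext, rd, rn) == secret


def run_scenario(seed=1):
    """Peer C installs a copy of Peer B's certificate and tries to act as B."""
    rng = random.Random(seed)
    ca_pub, ca_priv = generate_keypair(rng)
    b_pub, b_priv = generate_keypair(rng)
    _c_pub, c_priv = generate_keypair(rng)  # Peer C's own, unrelated key pair
    cert_b = issue_certificate(ca_priv, "PeerB", b_pub)
    stolen = dict(cert_b)                    # the copy C installed
    return {
        "cert_verifies": verify_certificate(stolen, ca_pub),
        "b_authenticates": authenticates_with(cert_b, ca_pub, b_priv, rng),
        "c_authenticates": authenticates_with(stolen, ca_pub, c_priv, rng),
        "b_reads_reply": can_read_reply(cert_b, b_priv, rng),
        "c_reads_reply": can_read_reply(stolen, c_priv, rng),
    }


def forged_name_rejected(seed=1):
    """Editing the subject of a real certificate breaks the CA signature."""
    rng = random.Random(seed)
    ca_pub, ca_priv = generate_keypair(rng)
    b_pub, _b_priv = generate_keypair(rng)
    forged = dict(issue_certificate(ca_priv, "PeerB", b_pub), subject="PeerC")
    return not verify_certificate(forged, ca_pub)


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name}: {result}")
```

The point for a verifier is the second half of `authenticates_with`: validating the chain back to the CA only tells Peer A that the certificate is genuine, and a peer that stops there would accept Peer C. Proof of possession of the private key (a signature over something fresh, or the ability to decrypt what was sent to the certified key) is what ties the presented certificate to the peer actually on the wire.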

Edward Norton wrote:
> Folks ;
> I have spent some time reading and testing the point of using
> digital certificate as a way of origin authentication with VPN peers ,
> there is a question which bothers my theory understanding which is as
> follows
>
> if peerA wants to check that peerB is actually peerB , he would
> request the digital certificate of peerB (which contains peerB Public
> key and the signature of the CA ) ...on peerA there are two
> certificates , his own identity certificate and the certificate of the
> CA (which contains the public key of the CA and will validate the
> signature of peerB certificate )
>
> all that is ok , now the question is ..since peerB sends out his
> digital certificate to anyone who requests to authenticate with him..why
> not someone (peerC) gets this certificate ..install it and act as if he
> is peerB ??
>
> i am sure i must be missing something here ...can someone explain
> this
>
> thanks
>



This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:35 ART