
RE: [cobalt-users] raq3 SSL



>What VeriSign, Thawte and others do is verify that you are who 
>you say you are.  Most of us consider only the encryption part 
>of the certificate, but the fact is that the identity part is at 
>least as important.  For example, if I were a thief and could 
>create my own certificate saying I was your bank, how much data 
>do you think I could get before someone noticed I wasn't?

Just to expand and clarify, VeriSign, Thawte, Baltimore, 
Entrust, etc., are certificate authorities, *not* validation
authorities. They provide the Certs but no reliable and 
confirmable validation. Sure they can say "yes, we issued a 
cert to John Doe" but ValiCert is the only entity able to 
independently verify the cert. With CAs doing their own 
validation the scenario described can take place very easily. 
However, with ValiCert performing real-time validation as a 
Trusted Third Party, this is no longer an issue.

Check out www.valicert.com for further VA information and our 
other products and services.

Anyway - sorry for the blatant plug ;^)

Brandon Wheaton
UNIX Systems Engineer 
ValiCert, Inc.
1215 Terra Bella Ave. 
Mountain View, CA 94043 
650.567.5430 
----
Quantum Mechanics: The dreams stuff is made of