[svlug] Downloading Root CA's for SSL apps

Derek Balling dredd at megacity.org
Fri Jun 8 07:46:01 PDT 2001


At 12:56 AM -0700 6/8/01, Rick Moen wrote:
>begin  Derek Balling quotation:
>
>>  First, a less efficient method for getting certificates (a digital
>>  medium) into my software (a digital medium) I could not hope to find
>>  unless someone wanted to send me the book via the carrier-pigeon
>>  protocol.  ;-)
>
>Oh, you want an Internet-delivered solution?  Splendid!  Let's make sure
>you use my DNS and my IP transport, so you can acquire the root
>certificate that *I* think you should get.  I have your best interests
>at heart.  As does, of course, everyone else.

Point, but since the signatures are easily verified against "known 
standards" (be it printed, whatever), the actual certs can be 
distributed by any insecure method you want, so long as the SIGNATURE 
is available in a "Secure" form.

the book appears to contain only the signatures, though, which is 
fine by that standard. :)

D
-- 
+---------------------+-----------------------------------------+
| dredd at megacity.org  | "Conan! What is best in life?"          |
|  Derek J. Balling   | "To crush your enemies, see them        |
|                     |    driven before you, and to hear the   |
|                     |    lamentation of their women!"         |
+---------------------+-----------------------------------------+




More information about the svlug mailing list