[clue-tech] CAcert issues
Angelo Bertolli
angelo at freeshell.org
Wed Mar 30 22:09:44 MST 2005
David Anselmi wrote:
> Angelo Bertolli wrote:
> [...]
>
>> The other thing about do-it-yourself CA is that without a third
>> party, there's really no point int having a CA anyway.
>
>
> Nonsense. You need a CA to create certificates, which browsers use
> for authentication. You can use a third party CA for assurance or
> some other mechanism. For casual browsing they are probably identical
> and for serious browsing a third party is more likely to be
> inadequate. SSH, which uses the same public key crypto as TLS/SSL
> *doesn't* use certificates at all. It can still provide assured
> authentication, but through a different mechanism.
Well maybe you can explain that to me, because I went through all the
steps of creating a certificate without bothering with the "how to set
up your own CA" for a site, and it seems to work fine. When I view the
certificate information, it does have an "issued to" and "issued by"
sections, but those contain just information I gave it when creating the
certificate. I never actually created the CA.
Angelo
More information about the clue-tech
mailing list