Here are some very insightful thoughts I came across while reading this page and that I'll share with you.
For starters, everyone should read this part to make things less confusing:
"A driver's license is issued by your State. It contains information about a person (name, address, age) and information that may be used to associate the license with the individual it describes (picture, signature). A certificate is issued by a Certificate Authority (CA). It contains information about an account (name, department, E-Mail) and information that may be used to prove that someone who claims to be is actually the owner of the certificate (a Public Key matching another Private Key that the owner has kept secret). However, while there are only 50 states issuing driver's licenses, any organization can set up a Certificate Authority. How does one make the decision to trust certificates issued by a CA?"
What a nice analogy! It certainly helps to see how it really works.
Then, the author explains why using your own self-signed certificates is not really an option:
Certificates are exchanged as part of the SSL (also called TLS) initialization that occurs when any Browser connects to an https: Web site. A certain number of public CA certificates are preinstalled in each Browser by Microsoft, Mozilla, or whoever else makes the Browser. Basically the same set of certificates is installed by Microsoft in every copy of Windows and by Sun in every copy of Java. However, no application, system, or language comes with any certificate that you've created inside your company or campus as a Certificate Authority (CA).
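
The point above can be checked with the `openssl` command line. This is an added example, not code from the quoted page: it builds a throwaway private CA, issues a server certificate from it, and verifies that certificate first against the stock trust store and then with the CA certificate supplied as a trust anchor. The names `Example Campus CA` and `intranet.example.test` are constructed for illustration.

```shell
#!/bin/sh
# Added example: a private CA is untrusted until its certificate is
# supplied as a trust anchor. All subject names below are constructed.

# Create a private root CA and a server certificate signed by it in dir $1.
make_pki() {
    dir=$1
    # Self-signed root certificate for the private CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Campus CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    # Server key pair and certificate signing request
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=intranet.example.test" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null &&
    # The private CA signs the request
    openssl x509 -req -in "$dir/srv.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/srv.pem" 2>/dev/null
}

# Succeeds only if the preinstalled trust store already knows the issuer.
trusted_by_default() {
    openssl verify "$1/srv.pem" >/dev/null 2>&1
}

# Succeeds once the private CA certificate is added as a trust anchor.
trusted_with_ca() {
    openssl verify -CAfile "$1/ca.pem" "$1/srv.pem" >/dev/null 2>&1
}

demo() {
    work=$(mktemp -d) || return 1
    make_pki "$work" || { rm -rf "$work"; return 1; }
    if trusted_by_default "$work"; then
        echo "stock trust store:    certificate accepted"
    else
        echo "stock trust store:    certificate rejected (unknown issuer)"
    fi
    if trusted_with_ca "$work"; then
        echo "with private CA cert: certificate accepted"
    else
        echo "with private CA cert: certificate rejected"
    fi
    rm -rf "$work"
}

demo
```
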