[WEB SECURITY] Improving Authentication on the Internet
Gervase Markham
gerv at gerv.net
Thu May 12 16:40:04 EDT 2005
Paul Schmehl wrote:
> I'm not disagreeing with your analysis, but wouldn't your method
> invalidate the need for the local root cert? If you're going to trust
> Verisign to affirm the authenticity of the local root cert, then you're
> back to the same place you were before you created your own - trusting
> the existing root certs.
>
> Aren't you?

Yes - although you can leverage a single cert for a single machine,
bought from Verisign, into trust for any machine you care to sign a cert
for (signed by your new CA). Which is certainly cheaper than buying all
the certs from Verisign.

Gerv
---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/