Re: lug-bg: STARTTLS vupros

[kangelov@email.domain.hidden (Konstantin Angelov)]

Mersi mnogo za podrobnoto info!

<p><p>On Wed, 2 Apr 2003 Vesselin Kolev said:

<em class="quotelev1">> -----BEGIN PGP SIGNED MESSAGE-----
<em class="quotelev1">> Hash: SHA1
<em class="quotelev1">>
<em class="quotelev1">> Ops, oshte neshto izpusnah. Izvinivai, no sym razseian mnogo sutrinta.
<em class="quotelev1">>
<em class="quotelev1">> Kogato shte certificirash X.509 certificate za tvoia host, no ne iskash da
<em class="quotelev1">> polzvash tvoia CA, a niakoia ot "oficialnite" imai predvid slednoto:
<em class="quotelev1">>
<em class="quotelev1">>   1. Generirai si certificate requesta kym CA pri teb. Zanesi v CA samo
<em class="quotelev1">> nego, no ne nosi private key-a na dvoikata. Ne pravi fatalnata
<em class="quotelev1">> glupost da otidesh pri CA i da kazhesh "iskam da mi napravite edin
<em class="quotelev1">> certificate, shtoto az ne znam kak se pravi":))) Shtoto mozhe bi se
<em class="quotelev1">>  doseshtash, che CA pyrvo shte triabva da ti generira secret key na neina si
<em class="quotelev1">>  mashina i niama garancii, che niama da ti go kopira niakyde si i posle da
<em class="quotelev1">> izdava certificati ot tvoe ime.
<em class="quotelev1">>
<em class="quotelev1">>   2. PKCS#12 si go pravish na tvoia mashina. Ne otivash v CA i ne kazvash,
<em class="quotelev1">> daite mi edin PKCS#12 certificate, shtoto ne znam kak da si go napravia.
<em class="quotelev1">> Prosto generirash si X.509 za vseki klient, posle nosish requesta v CA, te ti
<em class="quotelev1">> go podpisvat i sled kato si sednesh na tvoiata mashina si pravish PKCS#12.
<em class="quotelev1">>
<em class="quotelev1">>   3. Zamisli se, che ako ne znaesh kak se praviat tezi neshta, CA mozhe da
<em class="quotelev1">> generira fiktiven PKCS#12 i da se predstavia vmesto niakoi tvoi client.
<em class="quotelev1">> Predstavi si kakvi posledici mozhe da ima tova, ako s tozi certificate se
<em class="quotelev1">> dostypkva secretna finansova informacia prez web-server ...
<em class="quotelev1">>
<em class="quotelev1">>   Pozdravi
<em class="quotelev1">>      Vesselin Kolev
<em class="quotelev1">> -----BEGIN PGP SIGNATURE-----
<em class="quotelev1">> Version: GnuPG v1.2.1 (GNU/Linux)
<em class="quotelev1">>
<em class="quotelev1">> iD8DBQE+io+R+48lZPXaa+MRAsm2AKD4H18wzEaoeTSevjEuvWjc0+csPgCfQ+/7
<em class="quotelev1">> /aQ411f2hcq8kwMEZCiKPm8=
<em class="quotelev1">> =4gqv
<em class="quotelev1">> -----END PGP SIGNATURE-----
<em class="quotelev1">>
<em class="quotelev1">> ============================================================================
<em class="quotelev1">> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
<em class="quotelev1">> http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
<em class="quotelev1">> To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
<em class="quotelev1">> ============================================================================
<em class="quotelev1">>
<em class="quotelev1">>

Konstantin Angelov
Yellowbrix Inc.
(703) 519-1099 - work
(703) 548-9151 - fax

<p>============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================