verisign-entrust

Sun Jun 18 21:59:56 EEST 2000

> ----------
> From: 	Nikos Mavroyanopoulos[SMTP:nmav at hellug.gr]
> Reply To: 	linux-greek-users at hellug.gr
> Sent: 	18 June 2000 18:53
> To: 	linux-greek-users at hellug.gr
> Subject: 	Re: verisign-entrust
> 
> On Sun, Jun 18, 2000 at 06:07:05PM +0100, Xenitellis S wrote:
> 
> > Ena problima pou dimiourgitai einai to 8ema tou poios exei to idiotiko
> > (private)
> > kleidi me to opoio mporei na ypografei kai na paragei "certificates".
> > Gia "certificates" xamilis ajias den pistevw na yparxei problima na exei
> to
> > idiwtiko kleidi atomo koinis empistosynis, o opoios/i opoia 8a diatirei
> to
> > idiwtiko kleidi "off-line".
> Ti ennoeis xamilis axias? H oli asfaleia tou TLS/SSL einai sta
> certificates.
> Me certificates xamilis axias (asfaleias), aplws den yparxei asfaleia.
> 
H Verisign poulaei pistopoiitika ("certificates") gia diafores tsepes. H
diafora stin timi proerxete stin politiki pou exei gia tin prostasia tou
sygkekrimenou
idiwtikou kleidiou ka8ws kai sto ti mpelades mpainei gia na sigoureftei oti
esy poy zitas to pistopoiitiko eisai esy o idios. Gia paradeigma, yparxoun
ta kleidia klashs I mexri klashs 4. (Nomizw oti afta einai
orologia-Verisign). 

Pistopoiitika klashs I mporei na parei o opoiosdipote, kai ta antistoixa
pistopoiitika dhmiourgounte sxedon se pragmatiko xrono. To dhmosio kleidi
tou pistopoiitikou syndeete me thn ilektroniki diefthinsi pou dineis. H
Verisign "sigourevetai" oti sou anikei i sygkekrimeni diefthinsi dioti
prepei na akolou8iseis odigies apo gramma pou stelnete stin diefthinsi ayti.
To gegonos oti pairneis to pistopoiitiko grigora, simainei oti to idiotiko
kleidi
einai kapou online.

Gia ta Pistopoiitika Klashs III, gia paradeigma, leei oti frourei to
idiotiko kleidi se ktirio me 5 (heh) epipeda asfaleias kai xontrous toixous.
To idiotiko kleidi vriskete se eidiki syskevi asfaleias poy katastrefei to
kleidi an kapoios prospa8isei na to parabiasei. To pistipoiitiko 8elei
kapoies meres na sto dwsei. Gia na sigoureftei to poios eisai, zitaei arketa
eggrafa. 

> > To dimosio kleidi mporei na mpei p.x.sto
> http://certs.hellug.gr/root.crt. To
> > Netscape 8a to eisagei sti basi pou exei meta apo erwtisi ston xristi.
> > H sygkekrimeni basi exei twra panw apo 50 tetoia kleidia.
> Ap'oso xerw to netscape tha kratisei to certificate kai ta stoixeia
> tou (neou) certifier topika. 
> Etsi h asfaleia peutei sto epipedo tou ssh, to opoio einai vulnerable kata
> 
> tin prwti syndesi (ekei pou katevazei to server key).
> 
Sto SSH, o xristis prepei na exei logariasmo ston ejypiretiti. Sto Netscape
exeis paromoia leitourgikotita otan kaneis xrisi "pistopoiitikwn xristi".
Genika sto Internet, mono o ejipiretitis "apodiknyei" poios einai, oxi o
xrhstis.

> To pleonektima twn certicom,entrust klp einai oti to netscape exei hdh
> ta kleidia tous enswmatwmena.
> 
Gia na baleis to "riziko pistopoiitiko" tou Hellug sti basi ayti, arkei na
pas mia mono fora sto http://certs.hellug.gr/root.crt kai se oti sou leei to
netscape na les "Yes" (h Nai).

An 8eleis tin Netscape na balei to "riziko pistopoiitiko" tou Hellug stis ej
orismou dianomes, arkei na to zitiseis. An eisai arketa "megalos", mporei na
pei to nai. Diaforetika, mporeis na kaneis diko sou RPM tou Netscape me to
kleidi tou enswmatomeno. 

Simos

--
linux-greek-users mailing list -- http://lists.hellug.gr