[AktiviX-discuss] Why is the security certificate bad?

Ian Gregory aktiv at zenatode.org.uk
Tue Dec 4 03:55:23 UTC 2007


On Mon, Dec 03, 2007 at 05:15:36PM +0000, Paul M wrote:
> On Mon, 2007-12-03 at 05:49 +0000, andy baxter wrote:
> 
> >  These 
> > bodies give out certificates which are meant to securely identify the 
> > site you are looking at as the one it says that it is. 
> 
> This is not strictly true. The purpose of the certificates is to enable
> encrypted traffic between a browser and a server*

As I understand it, SSL uses Diffie-Hellman key exchange to enable
the client and server to establish a shared secret key over an
insecure channel, independent of the use of certificates.

The server certificate is not required to create an encrypted
connection - only to make sure that the connection is to the server
that you expect.

Ian

-- 
Ian Gregory
http://www.zenatode.org.uk/ian/
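
Added example, not part of the original message: a Python simulation of the distinction drawn above, in which an unauthenticated Diffie-Hellman exchange yields a shared key with whichever endpoint answers, while a check against a certified key rejects an unexpected endpoint. The toy modulus `2**255 - 19`, generator 2, the names `Endpoint` and `client_connect`, and the bare fingerprint standing in for a CA-signed certificate are all assumptions made for illustration, not SSL's actual parameters or message flow.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption): a known prime and a small generator.
# Chosen for brevity; not a group used by SSL/TLS.
P = 2**255 - 19
G = 2

def fingerprint(pub):
    """Hash of a public value; stands in for the key a certificate vouches for."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()

class Endpoint:
    """One party in the exchange, holding a Diffie-Hellman key pair."""
    def __init__(self):
        self.priv = secrets.randbelow(P - 3) + 2   # private exponent in [2, P-2]
        self.pub = pow(G, self.priv, P)            # public value sent in the clear

    def agree(self, peer_pub):
        """Derive the session key from our private value and the peer's public value."""
        shared = pow(peer_pub, self.priv, P)
        return hashlib.sha256(shared.to_bytes(32, "big")).hexdigest()

def client_connect(peer, certified_fp=None):
    """Simulate a client connecting to `peer`.

    With certified_fp=None the exchange is anonymous: a shared key is agreed
    with whoever answered. With a fingerprint, the peer's public value must
    match the certified one before any key is derived.
    Returns (client_key, peer_key).
    """
    if certified_fp is not None:
        if not hmac.compare_digest(fingerprint(peer.pub), certified_fp):
            raise ValueError("peer key does not match the certified key")
    client = Endpoint()
    return client.agree(peer.pub), peer.agree(client.pub)

if __name__ == "__main__":
    expected_server = Endpoint()
    unexpected_host = Endpoint()
    cert_fp = fingerprint(expected_server.pub)     # what the certificate binds to the name

    for name, peer in (("expected", expected_server), ("unexpected", unexpected_host)):
        ck, pk = client_connect(peer)              # anonymous: always "works"
        print(name, "anonymous keys match:", ck == pk)
        try:
            client_connect(peer, cert_fp)
            print(name, "authenticated: accepted")
        except ValueError as err:
            print(name, "authenticated: rejected,", err)
```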