[AktiviX-discuss] Why is the security certificate bad?
andy baxter
andy at earthsong.free-online.co.uk
Tue Dec 4 05:56:27 UTC 2007
Ian Gregory wrote:
> On Mon, Dec 03, 2007 at 05:15:36PM +0000, Paul M wrote:
>
>> On Mon, 2007-12-03 at 05:49 +0000, andy baxter wrote:
>>
>>
>>> These
>>> bodies give out certificates which are meant to securely identify the
>>> site you are looking at as the one it says that it is.
>>>
>> This is not strictly true. The purpose of the certificates is to enable
>> encrypted traffic between a browser and a server*
>>
>
> As I understand it, SSL uses Diffie-Hellman key exchange to enable
> the client and server to establish a shared secret key over an
> insecure channel, independent of the use of certificates.
>
> The server certificate is not required to create an encrypted
> connection - only to make sure that the connection is to the server
> that you expect.
>
> Ian
>
That's how I thought it was. You can log in to a machine over ssh (is
this the same as ssl?) without it having a certificate.
andy
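
Added example, not part of the original thread: a Python sketch of the point discussed above, that a Diffie-Hellman exchange produces an encrypted channel on its own while checking who is at the other end is a separate step. The toy group parameters, the function names and the pinned fingerprint (standing in for the identity a certificate binds to the server) are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption); real protocols use a
# standardised group and a signature made with the certified key.
P = 2**255 - 19  # a known prime
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(own_priv, peer_pub):
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).hexdigest()

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()

def client_connect(received_pub, pinned_fp=None):
    # pinned_fp is the hypothetical stand-in for certificate validation:
    # the client refuses any public value it cannot tie to the server.
    if pinned_fp is not None and fingerprint(received_pub) != pinned_fp:
        raise ValueError("public value does not match the expected server")
    priv, pub = keypair()
    return pub, session_key(priv, received_pub)

def demo():
    server_priv, server_pub = keypair()
    other_priv, other_pub = keypair()  # a party that is not the server
    # 1. No identity check, genuine value: both ends derive the same key.
    client_pub, client_key = client_connect(server_pub)
    honest = client_key == session_key(server_priv, client_pub)
    # 2. No identity check, value from the other party: the channel is
    #    still encrypted, but the key is shared with the wrong endpoint.
    client_pub, client_key = client_connect(other_pub)
    wrong_peer = client_key == session_key(other_priv, client_pub)
    server_agrees = client_key == session_key(server_priv, client_pub)
    # 3. With the identity check, the same value is refused.
    try:
        client_connect(other_pub, pinned_fp=fingerprint(server_pub))
        rejected = False
    except ValueError:
        rejected = True
    return honest, wrong_peer, server_agrees, rejected

if __name__ == "__main__":
    print(demo())
```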