Authored by: Anonymous on Saturday, August 18 2012 @ 04:06 PM EDT
1. Public/private key signatures are like the seals used on old official documents: It is physically stuck to the document (so it cannot be moved to a different one), anyone who knows what the proper seal looks like (the public key) can see if it is the proper seal, but only someone with access to the original seal stamp or signet ring (the private key) can put that seal on a document.

2. A "certificate" is a document saying that "This seal (public key) is the genuine seal from Sir X" and signed off with the official seal of some trusted public notary (certificate authority).

3. An "intermediary certificate" is a certificate in which one trusted public notary delegates authority to another and certifies what seal the other notary will use.

4. A "root certificate" is a certificate that is only signed off with the seal it depicts, and is thus proof of nothing unless someone you trust hands you that certificate and says "This is the genuine root certificate of the in-house notary at Microsoft Corporation". Your web browser came with a bunch of those, which the web browser creating company says you should trust.

5. A "revocation list" is a hot list of stolen, copied or otherwise withdrawn keys and their certificates. It is similar to the hot lists of cancelled credit cards that credit card companies used to distribute to shops. A "revocation checking service" such as OCSP is like phoning in every credit card transaction to check if the card is stolen. "Revocation lists" provide better privacy because they don't let the notary know who is checking signatures from whom.
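The five terms in the comment above, worked through as a toy implementation added here (it is not code from the original comment or from Groklaw). Textbook RSA with fixed Mersenne primes and no padding stands in for the seal, and everything else (the notary names, the `Cert` record, the trust store and the revocation set) is constructed for illustration only; it shows the structure of chain verification, not usable cryptography.

```python
"""Toy 'seal' system: signatures, certificates, chain, root trust, revocation.
Added illustration; not the original comment's code. Textbook RSA on fixed
Mersenne primes with no padding is an educational toy, never real crypto."""
import hashlib
from dataclasses import dataclass

E = 65537  # common RSA public exponent


def toy_keygen(p, q):
    """Return (public, private) key pairs from two primes (constructed toy sizes)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse; needs Python 3.8+
    return (n, E), (n, d)


def digest_int(data):
    """Hash the document so the seal is bound to its exact contents."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, data):
    """Stamp the seal: only the holder of the private key can do this."""
    n, d = private_key
    return pow(digest_int(data) % n, d, n)


def verify(public_key, data, signature):
    """Anyone who knows the public key can check the seal on this document."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(data) % n


@dataclass(frozen=True)
class Cert:
    subject: str        # whose seal this is
    public_key: tuple   # (n, e) of the subject
    issuer: str         # the notary who vouches for it
    signature: int      # the notary's seal over tbs()

    def tbs(self):
        """The 'to be signed' bytes: everything except the signature itself."""
        n, e = self.public_key
        return f"{self.subject}|{n}|{e}|{self.issuer}".encode()


def issue(subject, subject_pub, issuer_name, issuer_priv):
    body = Cert(subject, subject_pub, issuer_name, 0).tbs()
    return Cert(subject, subject_pub, issuer_name, sign(issuer_priv, body))


def verify_chain(chain, trust_store, revoked):
    """chain is [leaf, intermediates..., root]; returns (ok, reason)."""
    for cert, issuer in zip(chain, chain[1:]):
        if cert.issuer != issuer.subject:
            return False, f"{cert.subject}: issuer name mismatch"
        if not verify(issuer.public_key, cert.tbs(), cert.signature):
            return False, f"{cert.subject}: bad signature from {issuer.subject}"
    root = chain[-1]
    if root.issuer != root.subject or not verify(root.public_key, root.tbs(), root.signature):
        return False, f"{root.subject}: not a valid self-signed root"
    # A self-signed root proves nothing unless it is already in the trust store.
    if trust_store.get(root.subject) != root.public_key:
        return False, f"{root.subject}: self-signed but not in trust store"
    for cert in chain:  # the hot list of withdrawn seals
        if (cert.subject, cert.public_key) in revoked:
            return False, f"{cert.subject}: on the revocation list"
    return True, "chain ok"


def verify_document(document, signature, chain, trust_store, revoked):
    ok, reason = verify_chain(chain, trust_store, revoked)
    if not ok:
        return False, reason
    if not verify(chain[0].public_key, document, signature):
        return False, "seal does not match this document"
    return True, "document genuine"


def demo():
    """Constructed scenario: a root notary, a delegated branch notary, and Sir X."""
    mersenne = lambda k: 2 ** k - 1  # 2^k-1 is prime for these k
    root_pub, root_priv = toy_keygen(mersenne(127), mersenne(107))
    branch_pub, branch_priv = toy_keygen(mersenne(89), mersenne(61))
    sirx_pub, sirx_priv = toy_keygen(mersenne(31), mersenne(19))
    fake_pub, fake_priv = toy_keygen(mersenne(17), mersenne(13))

    root = issue("Notary Root", root_pub, "Notary Root", root_priv)      # root: self-signed
    branch = issue("Notary Branch", branch_pub, "Notary Root", root_priv)  # intermediary
    sirx = issue("Sir X", sirx_pub, "Notary Branch", branch_priv)          # end-entity cert
    trust_store = {"Notary Root": root_pub}
    chain = [sirx, branch, root]

    doc = b"I, Sir X, hereby grant the bearer safe passage."
    seal = sign(sirx_priv, doc)
    results = {
        "genuine": verify_document(doc, seal, chain, trust_store, set()),
        "moved_seal": verify_document(b"a different document", seal, chain, trust_store, set()),
        "revoked_branch": verify_document(doc, seal, chain, trust_store, {("Notary Branch", branch_pub)}),
    }
    # An impostor self-signs a root with the same name and re-issues the branch cert.
    fake_root = issue("Notary Root", fake_pub, "Notary Root", fake_priv)
    fake_branch = issue("Notary Branch", branch_pub, "Notary Root", fake_priv)
    results["untrusted_root"] = verify_document(doc, seal, [sirx, fake_branch, fake_root], trust_store, set())
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:15} -> {outcome}")
```

Each scenario maps to one of the five points: the moved seal fails because the signature is bound to the hash of one document; the revoked branch fails even though every signature in the chain is mathematically valid; and the impostor's chain verifies all the way up to a perfectly well-formed self-signed root, which is rejected only because that root is not the one the trust store was told to trust.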