Category: Crypto Plumbing
-
TTP means Trusted THIRD Party
Check out https://plus.google.com. It’s got a certificate for “*.google.com”. Wildcard certs may be the “store the used control rods in the attic and forget about them” technical trick of the certificate world. But wait, it gets better. This was issued by the “Google Internet Authority”. This presumptuous name describes a Certificate Authority, operated by Google…
-
Trust was SUPPOSED TO mean “trust the web site operator”
Check out this . Note the hostname mismatch (it’s got a GeoTrust cert for www.adgrafics.com). Note the WEB TRUST seal in the upper right corner. Click on that, let Chrome kindly translate (apologies, I don’t read Russian or Ukrainian.) Note the seal is from “https://webtrustukraineseal.com” (confused yet?) and THAT says “Verisign Trusted” (Verisign != GeoTrust.)…
-
D/R 201: Maintain Fresh Batteries
Years ago, at the dawn of the dot-Com age, when crypto was cool and Distinguished Names were already an arcane concept, there was a story, let’s be kind and say it’s an urban legend, about root keys. In the early days you bought a BBN Safekeeper. It kept the RSA private key safe. It had…