Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: markomalley

This doesn’t exactly make sense. A cert isn’t trusted unless your system recognizes it as signed by a known certificate authority. Do they mean that Dell accidentally “leaked” a CA cert, and put the cert and the private key on every system? Or is it cert+key signed by a known CA (and therefore not “self-signed”) which is flagged to be able to sign other keys and thus create trusted certs?


12 posted on 11/23/2015 7:35:32 PM PST by Campion (Halten Sie sich unbedingt an die Lehre!)


To: Campion

A trusted cert is whatever is authenticated by a “known good” certificate in the browser’s root certificate list. If you add your own root certificate to that list, then the browser will accept as authentic any certificate “signed” by that root.


13 posted on 11/23/2015 7:42:04 PM PST by AustinBill (consequence is what makes our choices real)

To: Campion; AustinBill
It appears to me that Dell put a CA (signing) cert on the machine, which was itself self-signed, but it was imported into the "trusted CA certs" store of the computer.

Thus, anyone with enough control of the computer (including any hacker's Trojan, etc.) could use that trusted CA cert to make and sign a cert for any other entity, and the computer would likewise completely trust -it-.

The resulting utter breach of security and privacy should be obvious.

14 posted on 11/23/2015 7:48:01 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
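
A defensive check for the condition discussed in the posts above, added here as an example and not written by anyone in the thread: a PowerShell script that lists certificates in the Windows trusted root stores whose private key is also present on the machine. It assumes a Windows system with the built-in `Cert:` drive; the column names in the output are chosen for this example.

```powershell
# Added example: find trusted root certificates that have a private key stored locally.
# A root store entry normally holds only the public certificate. When the private
# key is present too, software on the machine may be able to sign certificates
# that this computer will then trust.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $stores) {
    foreach ($cert in Get-ChildItem -Path $store) {
        # Basic Constraints records whether the certificate is marked as a CA.
        $bc = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] } |
            Select-Object -First 1

        [pscustomobject]@{
            Store         = $store
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            SelfSigned    = ($cert.Subject -eq $cert.Issuer)
            # Older roots may carry no Basic Constraints extension at all.
            MarkedAsCA    = if ($bc) { $bc.CertificateAuthority } else { 'no extension' }
            HasPrivateKey = $cert.HasPrivateKey
        }
    }
}

# Every entry in a Root store is a trust anchor, so the private key alone is the signal.
$suspect = $findings | Where-Object { $_.HasPrivateKey }

if ($suspect) {
    $suspect | Format-List
} else {
    'No trusted root certificate with a locally stored private key was found.'
}
```

A hit is a prompt for review rather than proof of compromise, since some local debugging and inspection tools install a root of this kind on purpose.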



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson