Re: Does Verisign Lie?

Thu, 12 Aug 1999 18:36:35 -0700 

-----------------------------
Please read the FAQ!
<http://java.apache.org/faq/>
-----------------------------

Yes, but verisign takes in host information  when creating the key.  It is
part of their "security" and "trust model" mechanism.  It actually trusts a
server, domain, virtual host setup.
It is part of the non-repudiation model they have in place.
That is why some smaller sites will point off to a "payment" url to conduct
the business, in that way you can somewhat share a secure ecomm site amongst
smaller players (just one of the many reasons to do that, such as having a
bond for each site)

Thor HW
----- Original Message -----
From: Jonathan Tew <[EMAIL PROTECTED]>
To: Java Apache Users <[EMAIL PROTECTED]>
Sent: Thursday, August 12, 1999 6:04 PM
Subject: Re: Does Verisign Lie?


> -----------------------------
> Please read the FAQ!
> <http://java.apache.org/faq/>
> -----------------------------
>
> I don't see how... I generated a test certificate today using the
> openssl tools on their web site.  It never once knew that I was going to
> run it in an apache server.  I'm not sure if part of the csr contains
> the platform.
>
> Jon
>
> David Schlussel wrote:
> >
> > -----------------------------
> > Please read the FAQ!
> > <http://java.apache.org/faq/>
> > -----------------------------
> >
> > i know for a fact their keys are platform and server specific.  it's
$100
> > to switch your key over from one server to another.
> >
> > -david
> >
> > On Thu, 12 Aug 1999, Thor Heinrichs-Wolpert wrote:
> >
> > > -----------------------------
> > > Please read the FAQ!
> > > <http://java.apache.org/faq/>
> > > -----------------------------
> > >
> > > It wouldn't surprise me if it is locked down in some way.
> > > If you have a personal publish cert. your have to have one for
Netscape and
> > > one for IE due to the differences in these 2 products for secure
signed
> > > applets.
> > >
> > > I still think PKI, as it is implemented today, has some major
drawbacks.
> > >
> > > Thor HW
> > > ----- Original Message -----
> > > From: Jonathan Tew <[EMAIL PROTECTED]>
> > > To: Java Apache Users <[EMAIL PROTECTED]>
> > > Sent: Thursday, August 12, 1999 5:04 PM
> > > Subject: Does Verisign Lie?
> > >
> > >
> > > > -----------------------------
> > > > Please read the FAQ!
> > > > <http://java.apache.org/faq/>
> > > > -----------------------------
> > > >
> > > > I'm in the process of adding SSL to my Apache/JServ configuration.
> > > > Verisign told me that I couldn't use the certificate that we had
> > > > generated for the Sun's JWS.  They said it was platform and server
> > > > specific.  Unfortunately I can't recover the key/cert pair from the
> > > > JWS's keys file because the authstore program doesn't allow it, but
I'm
> > > > still curious to see if someone can explain a technical reason.  I
> > > > personally think they're lying just to make money.
> > > >
> > > > Jon
> > > >
> > > >
> > > > --
> > > > --------------------------------------------------------------
> > > > Please read the FAQ! <http://java.apache.org/faq/>
> > > > To subscribe:        [EMAIL PROTECTED]
> > > > To unsubscribe:      [EMAIL PROTECTED]
> > > > Archives and Other:  <http://java.apache.org/main/mail.html>
> > > > Problems?:           [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> > >
> > > --
> > > --------------------------------------------------------------
> > > Please read the FAQ! <http://java.apache.org/faq/>
> > > To subscribe:        [EMAIL PROTECTED]
> > > To unsubscribe:      [EMAIL PROTECTED]
> > > Archives and Other:  <http://java.apache.org/main/mail.html>
> > > Problems?:           [EMAIL PROTECTED]
> > >
> > >
> >
> > --
> > --------------------------------------------------------------
> > Please read the FAQ! <http://java.apache.org/faq/>
> > To subscribe:        [EMAIL PROTECTED]
> > To unsubscribe:      [EMAIL PROTECTED]
> > Archives and Other:  <http://java.apache.org/main/mail.html>
> > Problems?:           [EMAIL PROTECTED]
>
>
> --
> --------------------------------------------------------------
> Please read the FAQ! <http://java.apache.org/faq/>
> To subscribe:        [EMAIL PROTECTED]
> To unsubscribe:      [EMAIL PROTECTED]
> Archives and Other:  <http://java.apache.org/main/mail.html>
> Problems?:           [EMAIL PROTECTED]
>
>



--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Archives and Other:  <http://java.apache.org/main/mail.html>
Problems?:           [EMAIL PROTECTED]

Reply via email to