[125177] in cryptography@c2.net mail archive
Re: Can we copy trust?
daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Jun 3 11:23:11 2008
Date: Tue, 03 Jun 2008 03:36:55 +0100
From: Ben Laurie <ben@links.org>
To: Ed Gerck <edgerck@nma.com>
CC: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <48444A31.1010807@nma.com>
Ed Gerck wrote:
> Ben Laurie wrote:
>> But doesn't that prove the point? The trust that you consequently
>> place in the web server because of the certificate _cannot_ be copied
>> to another webserver. That other webserver has to go out and buy its
>> own copy, with its own domain name it it.
>
> A copy is something identical. So, in fact you can copy that server cert
> to another server that has the same domain (load balancing), and it will
> work. Web admins do it all the time. The user will not notice any
> difference in how the SSL will work.
Obviously. Clearly I am talking about a server in a different domain.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
