Thread: SSL Certificates and Cookies

  1. #1
    Join Date
    Jun 2009
    Beans
    Hidden!

    SSL Certificates and Cookies

    Hello everyone,

    I was viewing my Firefox SSL certificates and I see Japanese Government listed. For the life of me, I have no idea why I would have this certificate.

    Can anyone point me in the direction of understanding the how, what and whys of having certificates? How do I determine which certificates are legitimate/needed, etc.? Can I delete them all and start over fresh? How do I decide what to keep? Does having a long unneeded list slow down the system any?

    Basically, I would like to understand more about cookies and certificates. Some of my certificates say they are ROOT certificates. It seems, for security reasons, we should all have a better understanding of these items.

    Can anyone help with this subject?

    Thanks in advance, OoobuntuRox

  2. #2
    Join Date
    Feb 2008
    Beans
    606
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: SSL Certificates and Cookies

    Mozilla decide who's trustworthy and who's not, and then put those certificates into the browser.

    Unfortunately SSL is fundamentally flawed in that any CA can sign keys for any domain, so a single corrupt CA can completely break the system; that was OK in the early days when there were only two or three CAs but now there are large numbers it's going to lead to disaster sooner or later.

    SSL should at least allow you to say 'this CA is allowed to sign keys for these domains and nothing else'. For example, the 'Government Of Nowhereistan' CA should be allowed to sign any certificate for its servers, but not a fake certificate for my bank.
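
The per-CA restriction proposed in post #2, as an added example that is not part of the thread: a Python check modelled on the DNS name constraints of X.509 (RFC 5280), where each trusted root carries the DNS subtrees it may issue for. The CA names, domains and policy table are constructed for illustration.

```python
"""Per-CA domain scoping, modelled on X.509 DNS name constraints (RFC 5280).

All CA names, domains and the policy table below are constructed examples.
"""

# Constructed policy: DNS subtrees each trusted root may issue for.
# None means unconstrained, i.e. the root may sign for any domain.
CA_PERMITTED_SUBTREES = {
    "Government Of Nowhereistan Root CA": ["gov.nowhereistan.example"],
    "Example Global Root CA": None,
}


def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def in_subtree(dns_name, subtree):
    """True if dns_name equals subtree or only adds labels to its left."""
    name, base = _labels(dns_name), _labels(subtree)
    if name[0] == "*":
        name = name[1:]  # judge a wildcard by the domain it covers
    # Compare whole labels so "notgov.x" never matches the subtree "gov.x".
    return len(name) >= len(base) and name[-len(base):] == base


def issuance_allowed(ca_name, san_dns_names):
    """Return (allowed, offending_names) for a certificate's DNS names."""
    if ca_name not in CA_PERMITTED_SUBTREES:
        return False, list(san_dns_names)  # unknown root: trust nothing
    permitted = CA_PERMITTED_SUBTREES[ca_name]
    if permitted is None:
        return True, []
    bad = [n for n in san_dns_names
           if not any(in_subtree(n, s) for s in permitted)]
    return not bad, bad


if __name__ == "__main__":
    gov = "Government Of Nowhereistan Root CA"
    for names in (["www.gov.nowhereistan.example"],
                  ["login.mybank.example"],
                  ["*.nowhereistan.example"]):
        print(names, issuance_allowed(gov, names))
```

A validator applying such a policy would run this check on every certificate in a chain that leads to a constrained root, so an intermediate cannot widen the scope.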

  3. #3
    Join Date
    Oct 2006
    Beans
    23

    Re: SSL Certificates and Cookies


  4. #4
    Join Date
    Jun 2009
    Beans
    Hidden!

    Re: SSL Certificates and Cookies

    Quote Originally Posted by movieman View Post
    Mozilla decide who's trustworthy and who's not, and then put those certificates into the browser.

    Unfortunately SSL is fundamentally flawed in that any CA can sign keys for any domain, so a single corrupt CA can completely break the system; that was OK in the early days when there were only two or three CAs but now there are large numbers it's going to lead to disaster sooner or later.

    SSL should at least allow you to say 'this CA is allowed to sign keys for these domains and nothing else'. For example, the 'Government Of Nowhereistan' CA should be allowed to sign any certificate for its servers, but not a fake certificate for my bank.
    Well, that has to be the shortest yet most helpful response I've had in a long time. Thank you very much for resolving my immediate concern. Also, I get your point about the long term concern. CA is something of a false sense of security. Perhaps a ticking bomb.

    Thanks very much!

    OoobuntuRox

  5. #5
    Join Date
    Jun 2009
    Beans
    Hidden!

    Re: SSL Certificates and Cookies

    Quote Originally Posted by artie_effim View Post

    I cross-checked the list vs the certs. Yes they match. Thank you as well for some relief to my immediate SSL concerns.

    Regards, OooBuntuRox

    I will mark my post as solved
    Last edited by cariboo; December 3rd, 2010 at 06:49 PM. Reason: remove huge font formatting

  6. #6
    Join Date
    Jun 2009
    Beans
    Hidden!

    Re: SSL Certificates and Cookies

    Again my thanks to both of you movieman & artie_effim for the info and for the quick responses.

    Ooobunturox,

    Also for anyone interested, I stumbled upon this link for ssl info from Verisign: http://www.verisign.com/ssl/ssl-info...GNM-0000-01-00
    Last edited by cariboo; December 3rd, 2010 at 06:49 PM. Reason: Remove huge font formatting
