[Security] TLS Certificates Verification - certificate and private key clarification
Johansson Olle E
oej at edvina.net
Wed Aug 20 01:50:56 CDT 2008
On 20 Aug 2008, at 02:10, Florian Zeitz wrote:
> Another issue with certificates in general (that Justin Karneges
> brought up) is that there should be only one certificate per JID. That
> means you have to get this certificate to all machines you use that
> account with. One solution would be to store the certificate on the
> server (doesn't really sound like a good idea). The other would be to
> leave it to the user to transfer the certificate from machine to
> machine, which probably falls into the "too hard" category.
This is no issue with the certificate. I think you're mixing the
and the private key. The private key is needed on all systems, as is
the public key. The certificate is a signed wrapper around the public
key and can be distributed freely.
You don't want a third party like your server to store the private key.
(remember WAP security ;-) )
Just a small clarification.
We do need to start the wiki docs :-)
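As an added illustration, not part of the original message: the OpenSSL commands below check the distinction drawn above, namely that the certificate file holds only the signed public key and can be copied anywhere, while only the one matching private key can be used with it. The JID `user@example.org`, the file names and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Constructed example: throwaway keys and self-signed certificates for a
# made-up JID (user@example.org). Requires the openssl command-line tool.

# Create a private key and a self-signed certificate in directory $1.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=user@example.org" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# SHA-256 of the public key wrapped inside certificate $1.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from private key $1.
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only if file $1 carries no private key block.
has_no_private_key() {
    ! grep -q "PRIVATE KEY" "$1"
}

# Succeeds only if private key $2 belongs to certificate $1.
key_matches_cert() {
    h=$(cert_pubkey_hash "$1")
    [ -n "$h" ] && [ "$h" = "$(key_pubkey_hash "$2")" ]
}

# Demo: "machine A" owns the identity, "machine B" generated its own key.
tmp=$(mktemp -d)
mkdir "$tmp/a" "$tmp/b"
make_identity "$tmp/a"
make_identity "$tmp/b"
has_no_private_key "$tmp/a/cert.pem" && echo "cert.pem: public data only"
key_matches_cert "$tmp/a/cert.pem" "$tmp/a/key.pem" && echo "A's key matches"
key_matches_cert "$tmp/a/cert.pem" "$tmp/b/key.pem" || echo "B's key does not"
rm -rf "$tmp"
```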