[Security] TLS Certificates Verification - certificate and private key clarification

Johansson Olle E oej at edvina.net
Wed Aug 20 01:50:56 CDT 2008


On 20 Aug 2008, at 02:10, Florian Zeitz wrote:

> Another issue with certificates in general (that Justin Karneges already
> brought up) is that there should be only one certificate per JID. That
> means you have to get this certificate to all machines you use that
> account with. One solution would be to store the certificate on the
> server (doesn't really sound like a good idea). The other would be to
> leave it to the user to transfer the certificate from machine to
> machine, which probably falls into the "too hard" category.

This is no issue with the certificate. I think you're mixing the certificate
and the private key. The private key is needed on all systems, as is
the public key. The certificate is a signed wrapper around the public
key and can be distributed freely.

You don't want a third party like your server to store the private key.
(remember WAP security ;-) )

Just a small clarification.

We do need to start the wiki docs :-)
/O
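
Added example (not part of the original message): a shell sketch using the `openssl` command line that shows the certificate file carries only the public key, and that a signature made with the private key can be checked with the certificate alone. The JID `juliet@example.org`, the file names and the self-signed setup are constructed sample values.

```shell
#!/bin/sh
# Constructed demo: the JID and all file names are sample values.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
JID="juliet@example.org"

make_identity() {
    # The private key stays with the user; the self-signed certificate
    # wraps the matching public key and is safe to hand out.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$JID" \
        -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
}

cert_has_private_key() {
    # Prints "yes" if the certificate file contains private key material.
    if grep -q "PRIVATE KEY" "$WORK/cert.pem"; then echo yes; else echo no; fi
}

cert_matches_key() {
    # Compare the public key inside the certificate with the one
    # derived from the private key.
    from_cert=$(openssl x509 -in "$WORK/cert.pem" -noout -pubkey)
    from_key=$(openssl pkey -in "$WORK/key.pem" -pubout)
    if [ "$from_cert" = "$from_key" ]; then echo match; else echo mismatch; fi
}

verify_with_cert_only() {
    # Signing needs the private key; verifying needs only what the
    # certificate carries.
    printf 'hello' > "$WORK/msg"
    openssl dgst -sha256 -sign "$WORK/key.pem" -out "$WORK/sig" "$WORK/msg"
    openssl x509 -in "$WORK/cert.pem" -noout -pubkey > "$WORK/pub.pem"
    openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$WORK/sig" "$WORK/msg"
}

make_identity
echo "private key in cert file: $(cert_has_private_key)"
echo "cert public key vs key:   $(cert_matches_key)"
echo "signature check:          $(verify_with_cert_only)"
```

Only `key.pem` has to be moved between a user's machines by a trusted path; `cert.pem` can be published or fetched from anywhere.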

