[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Sun, 28 Apr 2013 21:17:24 +0100
Martijn Grooten <sweetwatergeek@xxxxxxxxx> wrote:
Hello Martijn,
>It's a bit like a web of trust. Browsers have a (hard-coded) list of
>root authorities and their public keys and when you make an SSL
>connection, the certificate needs to be signed by an authority that
>can be chained back to one of these root authorities. If not, you
A bit like, yes. Real WoT (web of trust) doesn't rely on root
authorities like CAs such as VeriSign.
>When you or I buy a certificate, some very basic checks are performed
Yeah, okay, I over-simplified things.
>That's all true, of course. (I think it's illegal for a shop to store
>the 3-digit code, but I don't know how well this is actually checked.)
IDK about that, but it doesn't stop an unscrupulous employee making a
note of the card details. Admittedly, with chip 'n' pin terminals there
are far fewer reasons to actually hand the card over in the first place.
--
Regards _
/ ) "The blindingly obvious is
/ _)rad never immediately apparent"
It's your life so go your own way
Questions And Answers - Sham 69
Attachment:
signature.asc
Description: PGP signature
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq