sdevlin | 8 years ago

It's impossible to bootstrap a secure connection without some preexisting trusted relationship. Otherwise, you'd always be vulnerable to middle-person attacks.

Browsers solve this problem by bundling a number of trusted root certificates. (This is what they mean by "my trusted keys".)

When you connect to some web site, the server sends you their certificate along with a chain of signing certificates up to some root of trust. Assuming the root certificate is among those your browser trusts, you can verify the signature chain and establish a trusted connection.

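The chain check described in the comment above, as an added example that is not part of the original comment. It uses simplified certificates (plain dicts, not X.509) signed with textbook RSA over fixed, public Mersenne primes, a stand-in for real signatures that is insecure by design; every name, key and helper such as `verify_chain` is constructed for illustration.

```python
import hashlib

E = 65537

def keypair(p, q):
    # Textbook RSA from two known primes: illustration only, never for real use.
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(cert, n):
    # Hash the signed fields of the simplified certificate, reduced mod n.
    tbs = f'{cert["subject"]}|{cert["issuer"]}|{cert["pub"]}'.encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(subject, pub, issuer, issuer_priv):
    n, d = issuer_priv
    cert = {"subject": subject, "issuer": issuer, "pub": pub}
    cert["sig"] = pow(digest(cert, n), d, n)
    return cert

def signed_by(cert, issuer_pub):
    n, e = issuer_pub
    return pow(cert["sig"], e, n) == digest(cert, n)

def verify_chain(chain, trusted_roots):
    # chain is [leaf, intermediate, ...] as sent by the server.
    if not chain:
        return False
    for cert, parent in zip(chain, chain[1:]):
        if cert["issuer"] != parent["subject"] or not signed_by(cert, parent["pub"]):
            return False
    # The last link is checked with a key from the local store, never from the wire.
    anchor = trusted_roots.get(chain[-1]["issuer"])
    return anchor is not None and signed_by(chain[-1], anchor)

# Constructed keys built from Mersenne primes 2**k - 1.
M = lambda k: 2**k - 1
root_pub, root_priv = keypair(M(127), M(521))
int_pub, int_priv = keypair(M(107), M(607))
leaf_pub, _ = keypair(M(89), M(1279))
mitm_pub, mitm_priv = keypair(M(61), M(2203))

TRUSTED = {"Example Root CA": root_pub}  # the browser's bundled roots
inter = issue("Example Intermediate CA", int_pub, "Example Root CA", root_priv)
leaf = issue("www.example.test", leaf_pub, "Example Intermediate CA", int_priv)
# A middle-person can copy every name but cannot sign with the trusted root's key.
fake_inter = issue("Example Intermediate CA", mitm_pub, "Example Root CA", mitm_priv)
fake_leaf = issue("www.example.test", mitm_pub, "Example Intermediate CA", mitm_priv)
```

With an empty trust store even the genuine chain is rejected, which is the comment's first point: nothing on the wire can substitute for the preexisting root.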