1 edit | reply to Steve
Re: PunkBuster service try to connnect to verisign.com? said by Steve:Let's say that I get an SSL cert for www.unixwiz.net from Verisign, If I want to understand the whole thing, I need to understand:
What the SSL cert is useful for? Why you'd get a cert? |
|
 SteveI know your IP addressConsultant
join:2001-03-10
Yorba Linda, CA
kudos:5 | said by MAT777:What the SSL cert is useful for? Why you'd get a cert? An SSL cert is an attestation of identity: if I have an SSL cert for my my website, then if the cert passes validity you can be sure that it really is my website.
You care about this when you visit your bank, insuring that they are who the URL claims them to be (I personally can't get an SSL certificate for wellsfargo.com).
Additionally, an application such as punkbuster may well need to phone home to get updates and the like: it needs to be sure that when it thinks it's hitting the made-up URL update.punkbuster.com, that it really is connecting to that site.
It's not out of the question to imagine somebody trying to subvert Punkbuster by setting up a fake update site and messing with local DNS, in an attempt to get the software to get a bogus update. But when the fake site is unable to produces a root-CA-signed update.punkbuster.com certificate, then the application knows it's not talking to the real deal.
But please note that an attestation to identity is not the same as an attestation to safety - I could set up www.FreeSpywareWithPorn.com, get a valid cert, and offer exactly what I claim. Just because the site is what it claims to be doesn't mean that it's safe.
Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Tustin, California USA | my web site |
|
|
|
1 edit | But for example, when I visit my bank site, what check the ssl certificate? Firefox?
Maybe my bank don't use this, do you have an example of a site that use a ssl certificate? |
|
SteveI know your IP addressConsultant
join:2001-03-10
Yorba Linda, CA
kudos:5 | said by MAT777:But for example, when I visit my bank site, what check the ssl certificate? Firefox? Your web browser checks the cert: it insures that the Common Name on the certificate matches the URL in the address line, that the cert has a chain of signing from the trusted root certs, that the cert has not expired, and that the cert has not been added to a revocation list (there are other housekeeping checks too).
All online banking uses SSL: if you see https in the URL, it's using an SSL certificate.
Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Tustin, California USA | my web site |
|
| https, ok, I got it now. Thanks for all this information. |
|
