Subj : Re: tailscale ..impressive
To   : Phigan
From : fusion
Date : Mon Jun 05 2023 05:14 am

On 04 Jun 2023, Phigan said the following...

Ph> systems and browsers, the ones we trust. It's technically possible for
Ph> any of them to have master keys to the certificates they generate and
Ph> sign, but as the response in the link says, it's highly unlikely they
Ph> would go using those willy nilly.

no, that is not the case at all.

you send a CSR and the public key to the CA. that's it. there is no "master key". the CA's only purpose and capability is to validate the owner of a public key. they are incapable of decrypting anything.

now, let's say the kitchensync.net bbs has a certificate/public/private key they use. I can encrypt stuff all day long with the public key (in the certificate) and nobody but that bbs would ever be able to see it. remember the CA doesn't have the private key.

now, if a shitty CA decides to sign a certificate for kitchensync.net with a different public key, that's an entirely different thing, since suddenly someone else can pretend to be them, and they have a separate private key that can decrypt data encrypted with the fake certificate. but in no way does this mean that the real certificate or private key are no longer secure. you can't decrypt stuff from the original with the new ones.

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/32)
* Origin: cold fusion - cfbbs.net - grand rapids, mi
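The CSR flow and the rogue-CA case described in the post above, worked through in Go's standard library as an added example (this is not code from the post or from the kitchensync.net bbs). It builds two CAs, has the site operator send only a CSR for the real key, has a second CA issue a certificate for the same host name over a different key, and then checks what each party can actually do. The CA names "Trusted CA" and "Rogue CA", the host name kitchensync.net and the message text are illustrative assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Outcome records what each party can and cannot do once both certs exist.
type Outcome struct {
	RealChainsToTrusted bool // real cert verifies against the trusted CA
	FakeChainsToTrusted bool // impostor cert verifies against the trusted CA
	FakeChainsToRogue   bool // impostor cert verifies if the rogue CA is trusted
	RealKeyOpens        bool // real private key decrypts data sealed to the real cert
	FakeKeyOpens        bool // impostor's private key decrypts that same data
}

// must turns setup failures (key generation, signing) into panics; none is recoverable here.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCA builds a self-signed CA. Its private key signs certificates, nothing more.
func newCA(name string) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

// request is what the operator sends the CA: a CSR naming the host and carrying the
// public key, self-signed with the private key that never leaves the operator.
func request(host string, key *rsa.PrivateKey) *x509.CertificateRequest {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: host}, DNSNames: []string{host}}
	csr := must(x509.ParseCertificateRequest(must(x509.CreateCertificateRequest(rand.Reader, tmpl, key))))
	// The CA can only check the CSR is self-consistent (proof of possession of the
	// private key); whether the requester really controls host is validated out of band.
	if err := csr.CheckSignature(); err != nil {
		panic(err)
	}
	return csr
}

// issue is the CA's side: bind the CSR's public key to the CSR's names.
func issue(ca *x509.Certificate, caKey *rsa.PrivateKey, csr *x509.CertificateRequest) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: csr.Subject, DNSNames: csr.DNSNames,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey))
	return must(x509.ParseCertificate(der))
}

// chainsTo reports whether leaf is valid for host when root is the only trust anchor.
func chainsTo(leaf, root *x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

// Scenario: the trusted CA issues for host from the real operator's CSR, a rogue
// CA issues for the same host over a different key, then we test who can do what.
func Scenario(host string) Outcome {
	trusted, trustedKey := newCA("Trusted CA")
	rogue, rogueKey := newCA("Rogue CA")
	realKey := must(rsa.GenerateKey(rand.Reader, 2048)) // stays with the operator
	realCert := issue(trusted, trustedKey, request(host, realKey))
	fakeKey := must(rsa.GenerateKey(rand.Reader, 2048)) // the impostor's own key
	fakeCert := issue(rogue, rogueKey, request(host, fakeKey))
	var o Outcome
	o.RealChainsToTrusted = chainsTo(realCert, trusted, host)
	o.FakeChainsToTrusted = chainsTo(fakeCert, trusted, host)
	o.FakeChainsToRogue = chainsTo(fakeCert, rogue, host)
	// Seal a message to the public key carried in the real certificate (RSA-OAEP)
	// and see which private key can open it.
	msg := []byte("for the real bbs only")
	ct := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, realCert.PublicKey.(*rsa.PublicKey), msg, nil))
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, realKey, ct, nil)
	o.RealKeyOpens = err == nil && string(pt) == string(msg)
	_, err = rsa.DecryptOAEP(sha256.New(), nil, fakeKey, ct, nil)
	o.FakeKeyOpens = err == nil
	return o
}
```

Calling Scenario("kitchensync.net") gives RealChainsToTrusted and FakeChainsToRogue true, FakeChainsToTrusted false, RealKeyOpens true and FakeKeyOpens false: the impostor certificate only works where the rogue CA is in the trust store, and the impostor's key opens nothing sealed to the real certificate. The RSA-OAEP step is there to make the "encrypt with the public key" point concrete; in an actual TLS handshake the certificate's key authenticates the key exchange rather than encrypting the session data, but the separation between the two private keys is the same.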