[Web4lib] why are Certification Authorities necessary

John Fitzgibbon jfitzgibbon at Galwaylibrary.ie
Thu Dec 8 04:56:20 EST 2005


Hi,

In public key private key cryptography, typically, the public key is
used to encrypt and the private key is used to decrypt. The public key
is made available to anyone who wishes to communicate with the server.
For example, if I wish to send confidential information to an online
store, I obtain the online store's public key, use it to encrypt the
data and send the data in encrypted format. The server uses a private
key to decrypt the data. The public key can't decrypt.

This is the part I don't understand. To rule out a middle man attack,
the public key is lodged with a Certification Authority. The public key
is obtained from a Certification Authority rather than from the online
store's server. If I'm sure that the public key has come from the server
www.amazon.com and I know that www.amazon.com is the company I wish to
deal with what is the problem? Why does the transaction require the
added complication of a Certification Authority?

Any enlightenment would be much appreciated.

Regards
John

John Fitzgibbon

Galway Public Library
Island House
Cathedral Square
Galway
Ireland

p: 00 353 91 562471
f: 00 353 91 565039
w: http://www.galwaylibrary.ie 

******************************************************************* 
Tá eolas atá príobháideach agus rúnda sa ríomhphost seo 
agus aon iatán a ghabhann leis agus is leis an duine/na daoine
sin amháin a bhfuil siad seolta chucu a bhaineann siad. 
Mura seolaí thú, níl tú údaraithe an ríomhphost nó aon iatán 
a ghabhann leis a léamh, a chóipáil ná a úsáid. 
Má tá an ríomhphost seo faighte agat trí dhearmad, 
cuir an seoltóir ar an eolas thrí aischur ríomhphoist 
agus scrios ansin é le do thoil. 

This e-mail and any attachment contains information which is 
private and confidential and is intended for the addressee 
only. If you are not an addressee, you are not authorised 
to read, copy or use the e-mail or any attachment. 
If you have received this e-mail in error, please notify 
the sender by return e-mail and then destroy it. 
*********************************************************************


More information about the Web4lib mailing list