Can we copy trust?

Ed Gerck edgerck at
Mon Jun 2 15:29:53 EDT 2008

Ben Laurie wrote:
> But doesn't that prove the point? The trust that you consequently place 
> in the web server because of the certificate _cannot_ be copied to 
> another webserver. That other webserver has to go out and buy its own 
> copy, with its own domain name it it.

A copy is something identical. So, in fact you can copy that server 
cert to another server that has the same domain (load balancing), and 
it will work. Web admins do it all the time. The user will not notice 
any difference in how the SSL will work.

Another point: When we talk about a copy, we're technically talking 
about a transmission. To copy a web page to your hard disk is to 
transmit bits from the web server to your disk. To say that we cannot 
copy trust would, thus, be the same as to say that we cannot transmit 
trust. But we can and do transmit trust -- we just have to do it right 
(see refs in previous post). Similarly, we have to do it right when we 
transmit data (for example, if we don't have enough bandwidth or if 
there is too much noise, the data will be not be 100% transferred).

Ed Gerck

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list