Can we copy trust?

Ben Laurie ben at links.org
Mon Jun 2 22:36:55 EDT 2008


Ed Gerck wrote:
> Ben Laurie wrote:
>> But doesn't that prove the point? The trust that you consequently 
>> place in the web server because of the certificate _cannot_ be copied 
>> to another webserver. That other webserver has to go out and buy its 
>> own copy, with its own domain name it it.
> 
> A copy is something identical. So, in fact you can copy that server cert 
> to another server that has the same domain (load balancing), and it will 
> work. Web admins do it all the time. The user will not notice any 
> difference in how the SSL will work.

Obviously. Clearly I am talking about a server in a different domain.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list