Can we copy trust?

Dave Howe DaveHowe at
Tue Jun 3 16:47:01 EDT 2008

Ben Laurie wrote:
> Ed Gerck wrote:
>> Ben Laurie wrote:
>>> But doesn't that prove the point? The trust that you consequently 
>>> place in the web server because of the certificate _cannot_ be copied 
>>> to another webserver. That other webserver has to go out and buy its 
>>> own copy, with its own domain name in it.
>> A copy is something identical. So, in fact you can copy that server 
>> cert to another server that has the same domain (load balancing), and 
>> it will work. Web admins do it all the time. The user will not notice 
>> any difference in how the SSL will work.
> Obviously. Clearly I am talking about a server in a different domain.

Up until recently, you could buy a cert for one domain, use *it* to 
issue a cert for another domain, and the major web browsers wouldn't 
kick at the traces provided you sent both certs in the ssl handshake.

Thankfully, they fixed that before *too* many phishers figured it out.
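
An added example, not part of the original post: a simplified Python model of the check whose absence lets a chain like the one described above validate. RFC 5280 path validation requires every issuing certificate to carry basicConstraints with cA set. The `Cert` class, the function names and all certificate names are constructed for illustration, and signature verification is assumed to have already succeeded.

```python
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    is_ca: bool = False             # basicConstraints cA flag
    path_len: Optional[int] = None  # basicConstraints pathLenConstraint


def chains_by_name(chain: List[Cert], roots: Set[str]) -> bool:
    """Lenient check: only issuer/subject linkage up to a trusted root."""
    linked = all(c.issuer == p.subject for c, p in zip(chain, chain[1:]))
    return linked and chain[-1].issuer in roots


def chains_strict(chain: List[Cert], roots: Set[str]) -> bool:
    """Also require every issuing cert to be a CA within its path length."""
    if not chains_by_name(chain, roots):
        return False
    for cas_below, cert in enumerate(chain[1:]):
        if not cert.is_ca:
            return False  # an end-entity cert may not issue anything
        if cert.path_len is not None and cas_below > cert.path_len:
            return False  # too many intermediate CAs beneath this one
    return True


# Constructed sample data (chains are ordered leaf first).
ROOTS = {"Example Root CA"}
purchased = Cert("site-a.example", "Example Root CA")       # ordinary server cert
issued_by_leaf = Cert("site-b.example", "site-a.example")   # "issued" by it
intermediate = Cert("Example Issuing CA", "Example Root CA", True, 0)
normal_leaf = Cert("site-c.example", "Example Issuing CA")
sub_ca = Cert("Example Sub CA", "Example Issuing CA", True)
deep_leaf = Cert("site-d.example", "Example Sub CA")

if __name__ == "__main__":
    for name, chain in [("leaf-issued", [issued_by_leaf, purchased]),
                        ("normal", [normal_leaf, intermediate]),
                        ("pathlen exceeded", [deep_leaf, sub_ca, intermediate])]:
        print(name, chains_by_name(chain, ROOTS), chains_strict(chain, ROOTS))
```
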
