Timeline for Send a CA certificate via email without a digital signature?
Current License: CC BY-SA 4.0
5 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Aug 29, 2019 at 9:02 | comment | added | mat | With subject in this context I mean the certificate's owner, which is your friend. As said, it is not completely secure since you cannot be sure if the sender of the mail is actually in possession of the private key. | |
| Aug 28, 2019 at 7:45 | comment | added | Robert | By subject you mean the friend? Of course there is a security hole if the friend has lost his private key. But my question was whether it is save to send the certificate via email (without encryption and/or a digital signature) which was issued and signed by a trusted CA. | |
| Aug 27, 2019 at 15:27 | comment | added | mat | I'm not talking about altering the certificate. The subject has had exclusive control of its private key at the time the certificate was issued (assuming the CA followed proper procedures). This might have changed in the meantime. The subject may have lost access to the private key. | |
| Aug 27, 2019 at 15:14 | comment | added | Robert | The fact that public key X belongs to person Y was signed by authority Z, how does the certificate being arbitrarily copyable impose a risk? If you copy and somehow alter the owners public key (or name or whatever), the hashes won't match. If you copy and alter the signature, the decryption via the root cert will not provide the correct hash. No? | |
| Aug 27, 2019 at 14:38 | history | answered | mat | CC BY-SA 4.0 |