To-do list for Certificate authority:
-- Cryptoki 01:25, 21 February 2007 (UTC)
This article is written in British English, which has its own spelling conventions (colour, travelled, centre, defence, artefact, analyse) and some terms that are used in it may be different or absent from other varieties of English. According to the relevant style guide, this should not be changed without broad consensus.
This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:
I understand that the provided usage example tried to explain the topic in layman's terms, but it shouldn't be done at the expense of accuracy. In its current state it is factually wrong: public keys are not received "along with all the data that his web-browser displays"; public/private keys are not used to encrypt client data; instead they are used to securely establish a joint shared secret, which in turn is used to encrypt application data both ways with a symmetric-key cipher. Besides, this sample usage doesn't really belong in the CA article even if described correctly. — Preceding unsigned comment added by 60.241.87.202 (talk) 14:41, 4 October 2012 (UTC)
Who was the first commercial CA?
Should there not be some discussion and references to the methods involved in developing a third party trust particular to the Certificate Authority/PKI technology and industry?
http://www.ietf.org/rfc/rfc3647.txt
Internet Engineering Task Force IETF RFC3647
November 2003
"This document presents a framework to assist the writers of certificate policies or certification practice statements for participants within public key infrastructures, such as certification authorities, policy authorities, and communities of interest that wish to rely on certificates. In particular, the framework provides a comprehensive list of topics that potentially (at the writer's discretion) need to be covered in a certificate policy or a certification practice statement. This document supersedes RFC 2527."
http://webstore.ansi.org/ansidocstore/product.asp?sku=ANSI+X9.79%3A2001
American National Standards Institute ANSI X9.79:2001
2001
"Defines the components of a PKI and sets a framework of practices and policy requirements for a PKI. The standard draws a distinction between PKI systems used in open, closed and network environments. It further defines the operational practices relative to industry accepted information systems control objectives. PKI practices implementing this standard can support multiple policies that incorporate the use of digital signature technology. This standard allows for the implementation of operational, baseline PKI practices that satisfy industry accepted information systems control objectives."
http://ftp.webtrust.org/webtrust_public/tpafile7-8-03fortheweb.doc
AICPA/CICA Web Trust Program for Certificate Authorities Version 1.0
American Institute of Certified Public Accountants/
Canadian Institute of Chartered Accountants
August 25, 2000
"This document provides a framework for licensed WebTrust® practitioners to assess the adequacy and effectiveness of the controls employed by certification authorities (CAs)." (p12!)
http://www.ietf.org/rfc/rfc2527.txt
Internet Engineering Task Force IETF RFC2527
March 1999
"This document presents a framework to assist the writers of certificate policies or certification practice statements for certification authorities and public key infrastructures. In particular, the framework provides a comprehensive list of topics that potentially (at the writer's discretion) need to be covered in a certificate policy definition or a certification practice statement."
While "certificate authority" is common, "certification authority" is the more correct (cf. "registration authority", not "register authority"). "Certification authority" is the term standardized by X.509. --Ant 09:38, 8 January 2007 (UTC)
It says "Bob can be tricked into accepting a forged signatures from Alice", but Alice is the good girl here, so I would recommend changing it to "apparently from Alice". -- Mtodorov 69 10:31, 14 May 2007 (UTC)
I notice there's been a series of edits (1, 2, 3) changing Mallory's gender. The Wikipedia article on the topic doesn't specify a gender for Mallory, though. I don't think the gender's terribly important, and it would be nice if editors would direct their attention to parts of the article in greater need of improvement. zazpot (talk) 20:45, 24 February 2009 (UTC)
The bit about April 2007 market shares has Network Solutions separated from "VeriSign and its acquisitions," but the VeriSign article says that Network Solutions was acquired by VeriSign in 2000. Can someone clarify or verify?
-- Verisign bought Network Solutions in 2000 for $15 billion in stock. It sold Network Solutions' internet registrar business in 2003 to Pivotal Private Equity for $100 million (retaining exclusive control of the registry business). --Cryptoki 16:18, 7 June 2007 (UTC)
The Security Share link goes to a page that requires registration. Is there a freely available source for the information instead? If not, I think the link should be deleted as per Wikipedia:External_links#Sites_requiring_registration 67.43.134.60 (talk) 01:00, 11 April 2008 (UTC)
Any comment on how the sole purpose of a certificate expiring is to make CAs more money? I don't have a problem with losing the ability to sign an applet after two years, but those applets that I have signed, what makes them not secure anymore simply because a date has passed? --npapadon 16:58, 1 Dec 2008 (UTC)
There needs to be a security section which covers:
--134.2.186.8 (talk) 10:56, 4 July 2009 (UTC)
It's confusing in basic sentence structure and flow. Here's how:
"Mallory (using the Alice and Bob convention), manages to get a CA to: 1) issue a false certificate tying Alice to the wrong public key with the corresponding private key being known to Mallory. this allows Mallory to receive confidential messages meant for Alice. 2) issue a certificate and private key to Mallory that contains elements of Alice's identity, allowing similar subversions of confidentiality; "
are 1) and 2) AND conditions or are they OR conditions for the subversion to succeed?
"Then if Bob subsequently obtains such a certificate..."
which certificate, 1) or 2)?
Also for 1), does "tying Alice to the wrong public key" mean, essentially, that Mallory represented himself as Alice (or an agent acting for Alice)? If so, wouldn't it be better to state it as "1) Mallory impersonates Alice and gets the CA to issue him a certificate that purports to represent Alice. This allows..." But then, if that's a correct rephrasing of 1), I don't understand what the difference is between 1 and 2. Leotohill (talk) 01:50, 3 December 2008 (UTC)
I did a small update of URLs to make them point to the new page where Mozilla lists its builtin CAs. — Preceding unsigned comment added by Espadrine (talk • contribs) 12:25, 25 August 2011 (UTC)
Who invented the idea of certificates? In what year, and after what discussions? When and why did net-creating org's accept them, and after what discussions? How were they established as the basis of trust in the WWW? Who made those decisions? What are the names of the first CA's, and what are the practical and legal requirements of becoming a CA? Who regulates them? What did the original CA's need to do to establish the trust of customers, net creators, governments and regulatory authorities?
(Some of these questions may be answered in the article; I'm only trying to point out that while the article looks clear about -what exists-, it's unclear why they have any authority or deserve any trust.) Twang (talk) 19:45, 20 September 2011 (UTC)
The first citations were introduced in this version of the article in December 2008. The date format was YYYY-MM-DD and citation templates were used. Jc3s5h (talk) 10:45, 23 May 2012 (UTC)
I think we should remove the warning in the "Issuing a certificate" section as I see nothing on this talk page explaining what needs to be done. Eiler7 (talk) 15:59, 2 September 2012 (UTC)
I have not been able to find out, on the net, the answer to this simple question that a Wikipedia article should answer: does this business with CA's and root certification have anything at all to do with the average user browsing the internet, or does it only apply to computer experts who are sending and receiving encrypted messages? A Wikipedia article should start right off explaining when and where the CAs apply. 77Mike77 (talk) 15:51, 14 November 2013 (UTC)
The definition says "Commercial CAs [...] issue certificates that will automatically be trusted by most web browsers". The statement is currently true, but it implies that non-profit CAs like CAcert will never make it into mainstream, a somewhat annoying concept. It is also true that the boost of certification occurred after Internet commerce. However, I would not define cryptography as a commercially-oriented discipline.
Browsers are highly generic applications, so it is difficult to tell whether online commerce is their main job. Mail clients and VPNs seem to be somewhat more restricted in scope. The article silently assumes that certificates good for browsers are also good for any other application. If that is correct, it should be explained.
Finally, a site which uses self-signed certificates is obviously acting as its own CA. There is no mention of this.
I'll try and amend the definition as soon as I'm inspired enough... ale (talk) 16:21, 20 December 2013 (UTC)
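A toy model of the relying-party checks behind three threads above (the Mallory mis-issuance scenario quoted by Leotohill, the question about why certificates expire, and the remark that a self-signed site is its own CA), added here as an illustration and not code from the article or any real CA. The RSA primes, names and timestamps are constructed values; real certificates use far larger keys, padded signatures and X.509 encoding.

```python
import hashlib
import json
# Toy textbook RSA over tiny fixed primes (constructed for illustration only; real keys are far larger and use padding).
def make_key(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(digest(data, n), d, n)

def verify_sig(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def tbs(cert):
    """Canonical to-be-signed bytes: every field except the signature."""
    return json.dumps({k: v for k, v in cert.items() if k != "sig"}, sort_keys=True).encode()

def issue(issuer_priv, subject, subject_pub, not_after):
    # The issuer signs the binding (subject name, public key, expiry).
    cert = {"subject": subject, "pub": list(subject_pub), "not_after": not_after}
    cert["sig"] = sign(issuer_priv, tbs(cert))
    return cert

def relying_party_check(cert, expected_subject, trusted_pub, now):
    """What Bob can verify: trusted signature, expected name, still valid. Whether the issuer checked identity is invisible."""
    if not verify_sig(trusted_pub, tbs(cert), cert["sig"]):
        return "untrusted signature"
    if cert["subject"] != expected_subject:
        return "wrong subject"
    if now > cert["not_after"]:
        return "expired"
    return "ok"

def scenarios(now=2_000_000):
    ca_pub, ca_priv = make_key(10007, 10009)
    alice_pub, alice_priv = make_key(10037, 10039)
    mallory_pub, mallory_priv = make_key(10061, 10067)
    def bob(issuer_priv, subject_pub, not_after, trust=ca_pub):
        return relying_party_check(issue(issuer_priv, "Alice", subject_pub, not_after), "Alice", trust, now)
    return {
        "genuine": bob(ca_priv, alice_pub, 3_000_000),        # CA binds Alice's name to Alice's key
        "misissued": bob(ca_priv, mallory_pub, 3_000_000),    # case 1 above: Bob cannot tell
        "forged": bob(mallory_priv, mallory_pub, 3_000_000),  # not signed by the trusted CA
        "expired": bob(ca_priv, alice_pub, 1_000_000),        # expiry bounds the validity window
        "self_signed": bob(alice_priv, alice_pub, 3_000_000, trust=alice_pub),  # site is its own CA
    }
```

The "misissued" case returning "ok" is the point of the quoted scenario: nothing in Bob's verification distinguishes a correctly issued certificate from one the CA bound to the wrong key, so the CA's identity validation (and, in practice, mechanisms such as revocation and certificate transparency) is the only control.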
Hello fellow Wikipedians,
I have just modified 2 external links on Certificate authority. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template ((source check))
(last update: 18 January 2022).
Cheers.—InternetArchiveBot (Report bug) 11:14, 20 January 2018 (UTC)
WP:NOR specifies that "Wikipedia articles must not contain original research," and W3Techs is apparently OR. I agree that information about relative popularity of CAs is important, but this information might not be reliable. Also, it is reported in a potentially misleading manner: the survey tracks CA market share among groups of sites according to their popularity (e.g., top-n sites) but the article does not specify the difference and does not mention the sample group. — Preceding unsigned comment added by 130.126.255.74 (talk)