Archived posting to the Leica Users Group, 2002/01/20
[Author Prev] [Author Next] [Thread Prev] [Thread Next] [Author Index] [Topic Index] [Home] [Search]It's actually pretty simple. Let me explain. Let's suppose that you open a web site called "Wells Froggo Bank", whose purpose is to trick people into believing that you are Wells Fargo Bank. You make it look a lot like the real Wells Fargo web site. You ask for credit card numbers. How can a web site establish that it is "real"? What does it mean to be "real"? There was a fake Vatican web site in Italy for about 3 years before somebody finally noticed that its theology was a little different from that of the Pope. The answer is that you get a "certificate", which can prove mathematically that you have established your identity to whoever issued the certificate. If I am a real bank, I take the papers that prove I am real and go to a "Certificate Authority" and I get one of these online certificates and I put it on my web site, and bingo: secure connection. In a way it's like the online version of a Notary Public. The problem is that these "Certificate Authority" companies charge a lot of money for this service. The going rate is about $700/year. I'm setting up a new server that will, when I'm done, hold the LUG. I want to be able to host PAW photos on it, and I want people to be able to add and delete photographs of their own. In order to make it so that you cannot delete or deface one of my pictures, I need to set it all up as a secure server. Otherwise somebody might put up a photograph of a Republican and claim that Kyle took it.... The problem is that the computer industry is used to needing secure servers for things that involve a lot of money, so they charge a lot of money for the things that you need to make it be secure. My solution to this is that I'm going to ask LUG participants just to trust me, without having to spend $700/year on a certificate proving that I am me. To do this, I created a "Certificate Authority" certificate and signed it myself. You can see it if you look at https://server2.waverley.reid.org/ Netscape deals with this properly. It asks you, "Do you want to trust Brian Reid". You can answer yes or no, and be done with it. Internet Explorer does not. Internet Explorer, when you point it at the certificate that I created, calls it a forgery and says, incorrectly, that your communications will not be secure. I know that it is possible to create certificates that Internet Explorer is happy with, and I know that it is possible to do this without paying money to Microsoft. But I haven't figured out how to do it yet. I had in the past seen that a lot of LUG members earned their Leica money in the computer industry, and thought that perhaps one of you would know how to do this. - -- To unsubscribe, see http://mejac.palo-alto.ca.us/leica-users/unsub.html