Databases
StackOverflow2013
Postsdbo
PO
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    primarykey
    data
    text
    <p>Certificates are cryptographically signed by something called a Certificate Authority(CA), and each browser has a list of CAs it implicitly trusts. These CAs are entities that have a set of cryptographic keys that can be used to sign any certificate, often for a fee. Any certificate signed by a CA in the trusted list will give a lock on a browser, because it's proven to be "trusted" and belongs to that domain.</p> <p>You <em>can</em> self-sign a certificate, but the browser will warn you that the signer is not trusted, either by showing a big error box before allowing you in, or showing a broken lock icon.</p> <p>In addition, even a trusted certificate will give an error if it's used for the wrong domain, or is modified to include another domain. This is ensured because the certificate includes the domains it is allowed to be used for, and it also has a cryptographic checksum/fingerprint that ensures its integrity.</p> <p>This is not 100% safe at the moment, as there is the possibility to fake CA certificates that use MD5, see this link: <a href="http://www.phreedom.org/research/rogue-ca/" rel="noreferrer">http://www.phreedom.org/research/rogue-ca/</a>. Though it has to be noted that this is pretty hard, as they exploited a weakness in an already existing CA, which may or may not have been closed by now.</p> <p>In essence, we trust the certificates as much as we trust that our browser providers know how to select "proper" CAs. Those CAs are only trusted on virtue of their reputation, as a single misstep theoretically would be a very heavy blow on their trustworthiness if detected.</p>
    singulars
    1. This table or related slice is empty.
    1. POwhy do we trust SSL certificates?
      singulars
      1. PTQuestion
    1. PTAnswer
    1. USDaniel Bruce
    1. USDaniel Bruce
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. POwhy do we trust SSL certificates?
      singulars
      1. PTQuestion
    1. This table or related slice is empty.
    1. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    1. COPossible, but still extremely difficult. They exploited the fact that their SSL issuer was using sequential ID's on the certs it issued, and thankfully most don't do that. It also took 2 weeks of cranking on a ton of PS3's to generate the collision, and it took 4 tries before they got lucky.
      singulars
      1. PO
      1. USBob Somers
    2. COI'll clarify that it's hard, but it's noteworthy that it HAS been done. =)
      singulars
      1. PO
      1. USDaniel Bruce
    3. COI heard it's much more possible to fake the whole certificate chain. For someone controlling the uplink (e.g. for business building admin) it's not hard to make a fake distribution of Firefox (for instance) with generated fake Root CAs for it, and then divert HTTP traffic to this fake distribution. As the result, user starts with a browser with fake Root CA. Any time a SSL session is initiated, the certificates should be replaced (even generated on the fly) if the request comes from a faked client. Having all the private keys admin can monitor the whole traffic.
      singulars
      1. PO
      1. USVladimir Dyuzhev
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload