Talk:Public key certificate
|This article is of interest to the following WikiProjects:|
- 1 Contents of a Typical Digital Certificate
- 2 Self-referencing Definition
- 3 Removed from criticism
- 4 File Formats?
- 5 Certificate Authority vs. Provider
- 6 Change from EV t non-EV certificate
- 7 Image is not visible
- 8 Structure and Global Perspective
- 9 TLS/SSL server certificate - self-signed certificates
Contents of a Typical Digital Certificate
"...a public key certificate (or identity certificate) is a certificate..."
Isn't that a bit like saying, "A roundle blomfin is a blomfin..."
If you don't know what a 'blomfin' is, then the explanation of what a 'roundle blomfin' is won't get you very far.
188.8.131.52 15:18, 27 April 2007 (UTC)
- Good point. I tried to clarify.--agr 16:18, 27 April 2007 (UTC)
- If you link to "blomfin" in the sentence, though, the user can get that information if they do not need it. That way, the information is not duplicated. Should we describe what a certficate is on a page other than "certificate"? Dprust 17:54, 11 May 2007 (UTC)
Removed from criticism
I removed this section because it has the look and feel of a shameless plug coupled with being-written-in-five-seconds-ism. In particular, notice the lowercase "i" in the quoted text:
Public key certificates are often used for web server identification (eg. https protocol). Usually people don't understand the security model of public key certificates and neglect to read the alert information. This would result eg. in phishing attacks, when the phishing site's certificate was issued by an untrusted CA, the user click on the "go on, i want to use the application" button, and at the end the user trusts the phishing site, because "he/she can see the security lock in the bottom of the browser". There are a lot of other critics for PKI by Peter Gutmann.
I figured it was best to move it to the discussion page for, well, discussion. =) As is, it's pretty bad. Change it or lose it? --184.108.40.206 05:16, 28 September 2007 (UTC)
- This problem is definitely worthy of mention, but Peter Gutmann should probably stay out of it. And yes, the text should be rewritten in a more appropriate manner. -- intgr [talk] 16:37, 28 September 2007 (UTC)
Certificate Authority vs. Provider
Change from EV t non-EV certificate
The article says: "A web browser will give no warning to the user if a web site suddenly presents a different certificate, even if that certificate has a lower number of key bits, even if it lacks Extended Validation". I have not tested this but I would fully expect that if a site changed from an EV certificate to a non EV certificate that the "green bar" would no longer be displayed. -- Q Chris (talk) 08:12, 27 June 2012 (UTC)
- You are correct, the green bar is in fact no longer displayed. Zell Faze (talk) 20:11, 30 October 2013 (UTC)
Image is not visible
Structure and Global Perspective
I suggest to improve 2 issues:
- Structure: The Intro is overloaded. On the other side a clear description section is missing. The intro does not state any reference at all...
- Global Perspective: On the one hand, the article emphasizes the role of certificates in the TLS, on the other hand it only speaks of the European Union. What about the Americas, Asia, Africa, Australia? Needs modification.
I would appreciate your suggestions and then start improving the article.
TLS/SSL server certificate - self-signed certificates
A TLS server may be configured with a self-signed certificate. When that is the case, clients will generally be unable to verify the certificate, and will terminate the connection unless certificate checking is disabled.
From what I know, this is not quite true. Instead, I would say "unless the self-signed certificate is accepted, or certificate checking is disabled". The self-signed certificate can be accepted, in which case certificates are still checked, for this site and for others.
Is someone with particular expertise in this area able to comment?