|
|
|
|
08-16-2005, 12:58 AM
|
#1 |
CA Q
By using Certification Authority on WIN2K3 server, does all data become
encrypted between those with certificates? Rome |
|
|
|
08-16-2005, 03:10 AM
|
#2 |
|
Posts: n/a
|
Re: CA Q
Data is encrypted with a users Public Key or Certificate, which has been
signed by the CA. If it's an email you would encrypt it with my Public Key. If I'm using encrypted files on my windows box then I'm using a certificate I requested from the CA. As far as data being encrypted between users with certificates, do you mean network traffic? as in IP Security? If so that depends on the IP Sec Policy set for each system. If you mean email, it depends if you are forcing encryption for the Exchange Organization. More information is really required to help answer your question. -- rev MCT/MCNGP #44 .. "Rome" <> wrote in message news:%... > By using Certification Authority on WIN2K3 server, does all data become > encrypted between those with certificates? > The Rev [MCT] |
|
|
|
08-16-2005, 06:40 AM
|
#3 |
|
Posts: n/a
|
Re: CA Q
In article <#>, coolromeo29
@yahoo.com says... > By using Certification Authority on WIN2K3 server, does all data become > encrypted between those with certificates? > > > Not quite. Public and private keys (as well as generated session keys) are used by services for encryption and authentication. The MSPress Security+ book has a really good overview of how encryption works. (I wrote that chapter). Ben Smith |
|
|
|
08-16-2005, 07:06 AM
|
#4 |
|
Posts: n/a
|
Re: CA Q
So far I understand the whole concept of public & private keys, but I guess
my real question is in what situations would you use CA. The only scenario that I've done so far is issue a certificate to my IIS webserver. In what other cases can you use CA. "Ben Smith" <> wrote in message news: om... > In article <#>, coolromeo29 > @yahoo.com says... >> By using Certification Authority on WIN2K3 server, does all data become >> encrypted between those with certificates? >> >> >> > > Not quite. Public and private keys (as well as generated session keys) > are used by services for encryption and authentication. The MSPress > Security+ book has a really good overview of how encryption works. (I > wrote that chapter). Rome |
|
|
|
08-16-2005, 11:39 AM
|
#5 |
|
Posts: n/a
|
Re: CA Q
"Rome" <> prattled ceaslessly in
news:#: > So far I understand the whole concept of public & private keys, but I > guess my real question is in what situations would you use CA. The > only scenario that I've done so far is issue a certificate to my IIS > webserver. In what other cases can you use CA. > You can use it to issue all manner of public key certificates. Start here: http://www.microsoft.com/technet/pro...003/library/Te chRef/7cb7e9f7-2090-4c88-8d14-270c749fddb5.mspx or http://tinyurl.com/d4375 A little searching on your part should turn up numerous other resources on the subject. -- Catwalker aka Pu$$y Feet BS, MCP, MCSA, MCSE MCNGP #43 www.mcngp.com faq.mcngp.com "Definitely not wearing any underwear." catwalker63 |
|
|
|
08-16-2005, 02:47 PM
|
#6 |
|
Posts: n/a
|
Re: CA Q
In article <#>, coolromeo29
@yahoo.com says... > So far I understand the whole concept of public & private keys, but I guess > my real question is in what situations would you use CA. The only scenario > that I've done so far is issue a certificate to my IIS webserver. In what > other cases can you use CA. Private/Public keys are only useful if you trust that the service/person that possesses that the private key is reasonably the party that was issued the key and that the keys can used used for the attempted operation. This is where certification authorities come into play - they provide the trust structure. For example, I send you a digitally signed e-mail, which means I have signed the message by using my private key that was associated with a certificate issued to me by Microsoft, which in turn, came from an issuing CA which received it cert from a public CA (GTE, Thawte, Verisign, etc...) Because you trust the root public CA that my cert chains to, you accept that I am the person that the private keys where issued to. (meaning that you have some assurance that I really am Ben Smith). Your computer trusts all CAs in its Trusted Roots. You need CAs for any kind of distributed encryption/authentication - SSL, IPSec, Smart Card, Client Auth, 802.1x, S/MIME, etc... The alternative model is web of trust, which is as best described by one security expert I know as "completely 14th century." > > > "Ben Smith" <> wrote in message > news: om... > > In article <#>, coolromeo29 > > @yahoo.com says... > >> By using Certification Authority on WIN2K3 server, does all data become > >> encrypted between those with certificates? > >> > >> > >> > > > > Not quite. Public and private keys (as well as generated session keys) > > are used by services for encryption and authentication. The MSPress > > Security+ book has a really good overview of how encryption works. (I > > wrote that chapter). > > > Ben Smith |
|
|
|
08-16-2005, 02:50 PM
|
#7 |
|
Posts: n/a
|
Re: CA Q
Yeah... I'm gonna start a new Root CA company. Revisign, think anyone will
trust me? -- rev MCT/MCNGP #44 .. "Ben Smith" <> wrote in message news: om... > In article <#>, coolromeo29 > @yahoo.com says... >> So far I understand the whole concept of public & private keys, but I >> guess >> my real question is in what situations would you use CA. The only >> scenario >> that I've done so far is issue a certificate to my IIS webserver. In what >> other cases can you use CA. > > Private/Public keys are only useful if you trust that the service/person > that possesses that the private key is reasonably the party that was > issued the key and that the keys can used used for the attempted > operation. This is where certification authorities come into play - they > provide the trust structure. > > For example, I send you a digitally signed e-mail, which means I have > signed the message by using my private key that was associated with a > certificate issued to me by Microsoft, which in turn, came from an > issuing CA which received it cert from a public CA (GTE, Thawte, > Verisign, etc...) Because you trust the root public CA that my cert > chains to, you accept that I am the person that the private keys where > issued to. (meaning that you have some assurance that I really am Ben > Smith). Your computer trusts all CAs in its Trusted Roots. > > You need CAs for any kind of distributed encryption/authentication - > SSL, IPSec, Smart Card, Client Auth, 802.1x, S/MIME, etc... > > The alternative model is web of trust, which is as best described by one > security expert I know as "completely 14th century." > >> >> >> "Ben Smith" <> wrote in message >> news: om... >> > In article <#>, coolromeo29 >> > @yahoo.com says... >> >> By using Certification Authority on WIN2K3 server, does all data >> >> become >> >> encrypted between those with certificates? >> >> >> >> >> >> >> > >> > Not quite. Public and private keys (as well as generated session keys) >> > are used by services for encryption and authentication. The MSPress >> > Security+ book has a really good overview of how encryption works. (I >> > wrote that chapter). >> >> >> The Rev [MCT] |
|
|
|
08-16-2005, 02:56 PM
|
#8 |
|
Posts: n/a
|
Re: CA Q
did you hear Ben Smith <> say in
news: om: > "completely 14th century." ooooooooo, cool! So when willl MS be shipping that?  -- Neil MCNGP#30 - Good pings come in small packets Neil |
|
|
|
08-16-2005, 02:57 PM
|
#9 |
|
Posts: n/a
|
Re: CA Q
did you hear "The Rev [MCT]" <> say in
news:: > hink anyone will > trust me? > were you expecting us to start? -- Neil MCNGP#30 - If you can't be offensive WHY BOTHER? Neil |
|
|
|
08-16-2005, 02:58 PM
|
#10 |
|
Posts: n/a
|
Re: CA Q
In article <>,
says... > Subject: Re: CA Q > From: The Rev [MCT] <> > Newsgroups: microsoft.public.cert.exam.mcse > > Yeah... I'm gonna start a new Root CA company. Revisign, think anyone will > trust me? > > -- > rev > > MCT/MCNGP #44 > Because this stuff is so complicated, I bet lots of people would trust you. Ben Smith |
|
|
