
What can digital certificates authenticate that IPSec cannot?

RedString

Senior member

Ran across this question in a book; kind of confused, since I didn't think they were used in the same way, really.
 
A digital certificate is a secure proof of identity. If you (or your computer) holds a digital certificate, then if contacted by another computer, it is possible for the remote computer to verify that it is talking to the computer it should be talking to.

Think of how https websites work. You access https://www.paypal.com. The first thing your comp does is take a look at the certificate on the server, and verify that the certificate says "This certificate belongs to www.paypal.com. Identity verified by Verisign, Inc. Signed. Verisign, inc.". This way, your comp knows that a hacker hasn't intercepted the communication and redirected you to a fake server. A fake server wouldn't have the certificate, and the signature on the certificate is virtually unforgeable, and without a recognisable signature, a certificate will be rejected by browsers, etc.

Certificates can be used in 2 ways:
1. Installed on a server, so that a user can be sure that they are connecting to the correct server, and not a cunningly installed fake.
2. Held by the user on their computer (or on a smart card), so that a remote server can verify that the user is who they say they are. The certificate performs the same role as a username/password, but is designed to be more secure.


IPsec has a number of techniques available to verify authenticity and identity. One of the techniques available is the use of certificates.

Certificate security for IPsec is often used on corporate VPNs, because they offer better security than usernames/passwords.
 
Mark is dead on. It's to verify IDENTITY as well as encrypt.

Large-scale VPNs could be a correct answer depending on context. Most large-scale VPNs these days are built around SSL, which requires certs. One cert on the VPN end point/head end says "I am who I say I am".
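The checks the replies above describe (a CA vouching that a key belongs to a hostname, and a client rejecting a certificate presented for the wrong name or signed by a CA it does not trust) as a worked example added here, using Go's standard crypto/x509 package; it is not code from this thread. The CA names and the host vpn.example.com are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue sets a validity window, signs tmpl with parentKey (self-signed when parent is nil) and returns the parsed cert plus its new key.
func issue(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// NewCA builds a self-signed root: the "Identity verified by Verisign" role in the post above (name is constructed).
func NewCA(name string) (*x509.Certificate, ed25519.PrivateKey) {
	return issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
}

// NewServerCert has the CA vouch that a freshly generated key belongs to host.
func NewServerCert(host string, ca *x509.Certificate, caKey ed25519.PrivateKey) *x509.Certificate {
	cert, _ := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca, caKey)
	return cert
}

// Trusted reports whether a client trusting only root accepts cert as proof it is talking to host (chain, signature, validity, name).
func Trusted(cert, root *x509.Certificate, host string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}
```

The same Verify call, with the roles reversed, is what a server does with a user's client certificate; the fake-server case from the post fails either on the name check or because the signer is not in the client's root pool.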
 