When you load a new website how can we trust the website is legitimate? Is the SSL certificate downloaded in the browser or perhaps we verify the signed certificate with the CA immediately?

2 Answers

Anonymous 0 Comments

The SSL certificate is sent by the webserver to you, which is valid only for each connection you make to the webserver (as it is part of the encryption).
You (or your browser) check the legitimacy of that certificate by checking that some trusting agent has signed that certificate.

An attacker could have sent his own (false) SSL certificate, but then it won’t be signed by some trusting agent. Unless the attacker has also compromised the trusting agent, in which case your browser (and everyone else in the world) should ignore the signatures from that agency.

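A simplified model of the check described in the answer above, as an added example that is not part of the original answers: the client verifies the CA's signature with a public key it already holds in a local trust store, so nothing is fetched from the CA when the page loads. The certificate layout, the names (`Example Root CA`, `shop.example`) and the tiny textbook-RSA keys are constructed for illustration and are not real X.509 or secure parameters.

```python
import hashlib
from typing import NamedTuple

E = 65537  # public exponent shared by every key in this model
HOST = "shop.example"

def keypair(p: int, q: int):
    # Textbook RSA from two primes: (public modulus, private exponent).
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

class Cert(NamedTuple):
    subject: str      # hostname the certificate was issued for
    public_key: int   # the site's public modulus
    issuer: str       # name of the CA that signed it
    signature: int    # issuer's signature over the three fields above

def signed_bytes(subject: str, public_key: int, issuer: str) -> bytes:
    return f"{subject}|{public_key}|{issuer}".encode()

def issue(subject, public_key, issuer, issuer_n, issuer_d) -> Cert:
    h = digest(signed_bytes(subject, public_key, issuer), issuer_n)
    return Cert(subject, public_key, issuer, pow(h, issuer_d, issuer_n))

def verify(cert: Cert, hostname: str, trust_store: dict) -> str:
    # Client-side check: uses only the received cert and the local trust store.
    if cert.subject != hostname:
        return "hostname mismatch"
    ca_n = trust_store.get(cert.issuer)
    if ca_n is None:
        return "untrusted issuer"
    if pow(cert.signature, E, ca_n) != digest(signed_bytes(*cert[:3]), ca_n):
        return "bad signature"
    return "ok"

# Constructed keys built from Mersenne primes; far too small for real use.
CA_N, CA_D = keypair(2**127 - 1, 2**107 - 1)
SITE_N, _ = keypair(2**89 - 1, 2**61 - 1)
EVIL_N, EVIL_D = keypair(2**61 - 1, 2**31 - 1)

def scenarios() -> dict:
    store = {"Example Root CA": CA_N}  # shipped with the browser or OS
    certs = {"real": issue(HOST, SITE_N, "Example Root CA", CA_N, CA_D),
             "self_signed": issue(HOST, EVIL_N, "Evil CA", EVIL_N, EVIL_D),
             "forged": issue(HOST, EVIL_N, "Example Root CA", EVIL_N, EVIL_D),
             "stolen_key": issue(HOST, EVIL_N, "Example Root CA", CA_N, CA_D)}
    out = {name: verify(c, HOST, store) for name, c in certs.items()}
    out["after_distrust"] = verify(certs["stolen_key"], HOST, {})  # CA removed
    return out
```

The `stolen_key` case passes while the CA is trusted and fails once the CA is dropped from the store, which is the compromised-CA situation the answer ends on.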