|
In cryptography and computer security, a self-signed certificate is an identity certificate that is signed by the same entity whose identity it certifies. This term has nothing to do with the identity of the person or organization that actually performed the signing procedure. In technical terms a self-signed certificate is one signed with its own private key. In typical public key infrastructure (PKI) arrangements, a digital signature from a certificate authority (CA) attests that a particular public key certificate is valid (i.e., contains correct information). ==Security issues== CAs are third parties and require both parties to trust the CA. (CAs are typically large, impersonal enterprises and a high-value target for compromise.) If the parties know each other, trust each other to protect their private keys, and can confirm the accurate transfer of public keys (e.g. compare the hash out of band), then self-signed certificates may decrease overall risk. Self-signed certificate transactions may also present a far smaller attack surface. Self-signed certificates cannot (by nature) be revoked,〔http://www.ietf.org/rfc/rfc2459.txt〕 which may allow an attacker who has already gained access to monitor and inject data into a connection to spoof and identity if a private key has been compromised. CAs on the other hand have the ability to revoke any compromised certificates they signed if alerted, which prevents its further use. Some CAs can verify the identity of the person to whom they issue a certificate; for example the US military issues their Common Access Cards in person, with multiple forms of other ID, and only when a higher authority requires the issue. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Self-signed certificate」の詳細全文を読む スポンサード リンク
|