Certificate chain of trust is one of those things which is conceptually simple but difficult in implementation.  The idea of private keys encrypting public keys, & whose key is encrypting whose key, seems to be the biggest pitfall.

The general idea is that the browser has the public keys of just the root CAs, & those public keys are used to decrypt data encrypted with private keys.  Traditionally, we envision public keys encrypting data to be decrypted with private keys, so this is the reverse of the usual picture.

A website provides the encrypted form of the certificates of all the root & intermediate CAs used to create its certificate, along with its own encrypted certificate.  A certificate contains the public key of the machine plus a hash of metadata describing the machine.  It has to be signed, & only a CA can sign a certificate.

When something is signed, it's being encrypted with a private key.  When a certificate is signed, a CA encrypts a public key & metadata with its private key.  Only the CA's public key can decrypt the certificate of the requesting machine.  The object of the game is for the browser to decrypt the website's certificate in order to decrypt the content, but the website's certificate is encrypted by an intermediate CA & the browser can only decrypt certificates from the root CA.

The browser uses its preloaded public key for the root CA to decrypt the hash & public key of the intermediate CA.  The hash & public key of the intermediate CA were encrypted with the private key of the root CA.  Then it uses the public key of the intermediate CA to decrypt a hash & public key of the website.  That hash & public key were encrypted with the private key of the intermediate CA.  Eventually it decrypts the website's public key, which can finally be used to obtain a symmetric key.

Lions were amused that higher-ups actually get tripped up by chains of trust as much as lions do.  It's commonly assumed the browser needs to be preloaded with every intermediate CA's certificate, but those are sent by the website in encrypted form.

When a supplicant is authenticating in the EAP-TLS world, it has to verify the router's identity & the router has to verify the supplicant's identity.  The supplicant has a root CA & the router provides the full chain of trust.  Lions believe the router is preloaded with the intermediate CA for the supplicant's certificate, but it's not well documented.  It kind of makes sense, since the router has provisioned many supplicants with the same CA, but many supplicants have the same router's chain of trust.
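The chain walk described above, and the question of who actually needs the intermediate preloaded, worked in Go's standard crypto/x509 as an added example (not code from the original post): a root, an intermediate and a leaf are issued with constructed names, then the leaf is checked with only the root in the trust store, once with the intermediate supplied the way a website sends it and once with it left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue generates a key pair and returns a certificate for it signed by issuerKey; a nil
// issuer means self-signed (a root). The signature covers a hash of the subject's public
// key and metadata; the certificate itself travels in the clear and is never encrypted.
func issue(cn string, ca bool, issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: ca, BasicConstraintsValid: true}
	if !ca { // leaf: carry the server name the browser will compare against
		tmpl.DNSNames = []string{cn}
	}
	if issuer == nil { // self-signed root: the template is its own issuer
		issuer, issuerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, issuerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER we just produced always parses
	return cert, key
}

// ChainChecks builds root -> intermediate -> leaf with constructed names and verifies the
// leaf as a browser does: only the root is preloaded; the intermediate must come from the
// server's handshake. Returns whether the leaf verifies with and without that intermediate.
func ChainChecks() (withIntermediate, withoutIntermediate bool) {
	root, rootKey := issue("Example Root CA", true, nil, nil)
	inter, interKey := issue("Example Intermediate CA", true, root, rootKey)
	leaf, _ := issue("www.example.test", false, inter, interKey)
	roots, sent := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root) // the browser's trust store holds the root only
	sent.AddCert(inter) // what the server appended to its own certificate
	verify := func(intermediates *x509.CertPool) bool {
		_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: intermediates, DNSName: "www.example.test"})
		return err == nil
	}
	return verify(sent), verify(x509.NewCertPool()) // second call: server omitted the intermediate
}
```

The first check succeeds and the second fails with an unknown-authority error, which is why a server that forgets to send its intermediate breaks for clients that have only the root preloaded.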

---------------------------------------------------------------------------------------------------------

The wrath of Allah.

They don't ripen in the truck.

---------------------------------------------------------------------------------------------------------------

It dropped off the news as fast as it went on, but lions finally noted how a heroine pilot shot down like that would have been unheard of 25 years ago.  Gen X women on the front lines simply didn't exist.

The other aspect was how much more competent she was than Gen X's Joan of Arc, a very minimally trained, back-of-the-pack army brat.

To be sure, 2 of the 3 downed pilots were men & they didn't get the friendly treatment.  It refuted the idea that women in combat were going to get raped.  Maybe they would if they got shot down in enemy territory.