by robxorb
690 days ago
As a total newcomer expecting to have the use of certificates explained, that section lost me at this point:
> However, the hacker somehow obtains a certificate issued to super-bank.com
If the article is to explain the use, it might be good to explain first what they are. As it immediately circularly referenced certificates as if they're a concept the reader already understands, I couldn't learn anything from it.

> To Themselves: Protect the private key of their root certificate.
Oh, there are also keys! Apparently, private (but maybe also public).
I, too, find this explanation to be poorly thought out. I generally don't like it when an explanation has to resort to metaphors in order to explain something: it usually generates more questions as to the extent of the applicability of the metaphor.
----
While I do have to use certificates in less trivial ways than just firing up the browser, I cannot comprehend some design choices that went into building this contraption. Not to mention the abysmal quality of the libraries implementing the relevant functions, as well as the abysmal quality of the documentation to accompany it.
I'm not expert enough to point to the exact problems, or offer better solutions though...