certificate update for old Macs

John Chivian jchivian at chivian.com
Tue Jan 4 20:08:04 UTC 2022


Digital certificates are built from layers of encryption based on a trusted authority.  Trust in the authority is assumed, implied, and required.  

From the human standpoint, you trust that the industry-accepted certificate authority organization has done all the required due diligence to verify and validate certificate requests as legitimate, and you trust that authority to hold its base cryptographic key data secure as part of their company crown jewels. It’s not cheap for a reason; a lot of work and resources can be involved. An additional layer of verification is assumed, and an additional layer of encryption is added, with each link in the certificate chain.

It is in a very real sense a simple form of blockchain in which previous blocks cannot be forged.  Until quantum computers render the modern forms of encryption-based-trust obsolete (still some years away) it’s as good as you can get assuming robust cyphers and deep bit-depths.


> On Jan 4, 2022, at 13:37, Michael <keybounce at gmail.com> wrote:
> 
> 
> On 2022-01-03, at 4:12 PM, Richard L. Hamilton <rlhamil at smart.net> wrote:
> 
>> The only problem with that or anything similar, is that unless you go to quite a lot of work to just download rather than install the PEM file, and convert it into something human readable WITHOUT installing it, and investigate every certificate in there, you're trusting that the site you got it from is not only legit, but is secure and hasn't been hacked to alter the file to provide some very bogus certificates that could work together with some sort of DNS spoofing to get you to feed sensitive information (i.e. bank passwords, etc.) via an untrusted site that would capture it.
> 
> Makes sense. Now, how do you go about turning a certificate into something human readable? Serious question, I have *never* seen this discussed anywhere.
> 
> Everyone just says "As long as the roots are good you can trust the chain", and that's never made sense to me. The whole "trust what strangers say" system seems more like "Find a way for companies to make money" than any good security system.
> 
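
The inspection step discussed in the quoted messages (reading every certificate in a downloaded PEM bundle without installing it), as an added example that is not part of the original thread. It assumes the `openssl` command-line tool is on the PATH; the function names and the sample bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example: review a downloaded PEM bundle WITHOUT installing it.

# Build a CONSTRUCTED sample bundle: two throwaway self-signed certificates
# plus one deliberately malformed entry. All names are made up.
make_sample_bundle() {
    : > "$1"
    for cn in "Constructed Root A" "Constructed Root B"; do
        openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null \
            -subj "/CN=$cn" -days 1 2>/dev/null >> "$1" || return 1
    done
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'bm90IGEgY2VydGlmaWNhdGU=' \
        '-----END CERTIFICATE-----' >> "$1"
}

# Split the bundle into one file per certificate, then print subject, issuer,
# validity dates and SHA-256 fingerprint for each. Nothing is added to any
# trust store. Returns non-zero if any entry fails to parse as X.509.
inspect_bundle() {
    tmpdir=$(mktemp -d) || return 2
    bad=0
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%04d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { if (out != "") close(out); out = "" }
    ' "$1"
    for f in "$tmpdir"/cert-*.pem; do
        [ -e "$f" ] || continue
        echo "== ${f##*/}"
        openssl x509 -in "$f" -noout -subject -issuer -startdate -enddate \
            -fingerprint -sha256 2>/dev/null ||
            { echo "UNPARSEABLE entry"; bad=$((bad + 1)); }
    done
    rm -rf "$tmpdir"
    [ "$bad" -eq 0 ]
}

# Demo run on the constructed bundle.
sample=$(mktemp) && make_sample_bundle "$sample" &&
    { inspect_bundle "$sample" || echo "bundle has entries that did not parse"; }
rm -f "$sample"
```

The printed SHA-256 fingerprints are the values to compare against those each certificate authority publishes through a separate channel.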


