Because they create a CA that is installed in your trusted root and set to fully-trusted for certificates of any purpose. It can generate MITM certs for any site, sign any binary, etc. Why not just a self-signed non-CA?
Hmm, but that is the problem Blizzard are trying to solve. They generate a per-machine certificate, so do not have to embed a static private key. That is the correct solution, no?
Where is the private key for that certificate supposedly held? I thought it was local to the client (which was the error I was talking about).
Yes, it's local to the client and only applicable to the machine it's hosted on (it can't be used to attack other machines). If you're compromised, an attacker could steal it, but why would they?