
In SSL/TLS, how is the authenticity of a server’s certificate verified?



Quote from an article on computerworld.com:

"The private key is used to sign the server's TLS public key, which is currently used by browsers to validate SSL certificates."

My understanding is that SSL certificates are verified using the signing CA's public key, or the public keys in a chain of trust, where necessary. Once the certificate is verified, you can be assured about the authenticity of the server's public key that is found in the certificate. The sentence that I quoted above makes it sound like the TLS public key is used to verify the authenticity of the certificate, which doesn't make sense to me. Can someone confirm that what I said is correct, or explain why what the author said is correct? I bolded the pertinent part of the quote, since the rest of it is about TACK, a new protocol intended to strengthen TLS certificates.
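The questioner's understanding can be checked directly with a small chain built in Go's standard library. The program below is an added example and is not code from the question or the quoted article; the CA name and server hostname are hypothetical, and the keys are generated fresh on each run. It issues a self-signed root CA certificate, signs a server certificate with the CA's private key, and then shows which public key actually verifies the server certificate: the CA's public key succeeds, the server's own public key (the "TLS public key" from the quote) does not, and an unrelated CA placed in the trust store cannot validate the chain either.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Hypothetical names constructed for this example.
const (
	caName     = "Example Root CA"
	serverName = "www.example.test"
)

// buildChain creates a self-signed CA certificate and a server (leaf)
// certificate whose signature is produced with the CA's private key.
// The server's own key pair never signs anything here; its public key
// is simply embedded in the leaf certificate.
func buildChain() (caCert, leafCert *x509.Certificate, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: caName},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	// Self-signed: template and parent are the same, signed with caKey.
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	if caCert, err = x509.ParseCertificate(caDER); err != nil {
		return nil, nil, err
	}

	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: serverName},
		DNSNames:     []string{serverName},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// Parent is the CA certificate and the signing key is the CA's private key.
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	if leafCert, err = x509.ParseCertificate(leafDER); err != nil {
		return nil, nil, err
	}
	return caCert, leafCert, nil
}

// verifyWithRoot performs the check a TLS client performs: build a chain from
// the leaf to a certificate in the trust store, verifying each signature with
// the issuer's public key and matching the hostname. Returns nil on success.
func verifyWithRoot(leaf, root *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   serverName,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// signatureVerifiesWith checks the signature on leaf using the public key
// found in verifier. Only the issuing CA's public key can succeed.
func signatureVerifiesWith(verifier, leaf *x509.Certificate) error {
	return verifier.CheckSignature(leaf.SignatureAlgorithm, leaf.RawTBSCertificate, leaf.Signature)
}

func main() {
	ca, leaf, err := buildChain()
	if err != nil {
		panic(err)
	}
	fmt.Println("chain to trusted CA:          ", verifyWithRoot(leaf, ca))
	fmt.Println("signature checked with CA key:", signatureVerifiesWith(ca, leaf))
	fmt.Println("checked with server's own key:", signatureVerifiesWith(leaf, leaf))
}
```

The last call fails because the server's public key has no relationship to the signature on its own certificate; that signature was made with the CA's private key, so only the CA's public key (from the root in the trust store, or from an intermediate further up the chain) can verify it. Once that check passes, the client trusts the public key inside the leaf and uses it for the TLS handshake, which is the order of operations the questioner describes.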