Monoculture

Dave Howe DaveHowe at gmx.co.uk
Wed Oct 1 14:30:06 EDT 2003


Jill Ramonsky wrote:
> Is it possible for Bob to instruct his browser to (a) refuse to trust
> anything signed by Eve, and (b) to trust Alice's certificate (which
> she handed to him personally)? (And if so, how?)
>
> I am very much hoping that you can answer both (a) and (b) with a yes,
ok then "yes" :)

What it comes down to is a browser will trust any certificate either
a) explicitly marked as trusted or
b) signed by a root CA in its root certificate store

So the correct procedure for (a) is for Bob to delete Eve's root
certificate from his root store.
For (b) he can either explicitly mark Alice's cert as accepted, or
(technically more interesting) if he trusts her as an "introducer", add her
root cert - which is the same thing if she self-signed her cert - to his
root store, so that *any* cert she signs is accepted.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
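
The two store changes described in the message above, reproduced with the OpenSSL command line as an added example (not part of the original post). It assumes the `openssl` CLI with its default configuration and models Bob's root store as a single PEM file; every name and certificate in it is constructed for the demo.

```shell
#!/bin/sh
# Constructed demo PKI: "Eve Root CA", "Alice", shop.example and
# carol.example are made-up names, generated fresh on every run.
set -eu
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT

# new_root NAME CN: self-signed certificate
# (OpenSSL's default config marks it CA:TRUE, so it can sign others).
new_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$d/$1.key" -out "$d/$1.pem" 2>/dev/null
}
# new_leaf NAME CN ISSUER: certificate for CN signed with ISSUER's key.
new_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null
    openssl x509 -req -in "$d/$1.csr" -CA "$d/$3.pem" -CAkey "$d/$3.key" \
        -set_serial 1 -days 1 -out "$d/$1.pem" 2>/dev/null
}
# trusted STORE CERT: does a verifier whose only root is STORE accept CERT?
trusted() {
    if openssl verify -CAfile "$d/$1.pem" "$d/$2.pem" >/dev/null 2>&1
    then echo trusted; else echo rejected; fi
}

new_root eve "Eve Root CA"
new_root alice "Alice"
new_leaf shop "shop.example" eve       # a site certificate Eve signed
new_leaf carol "carol.example" alice   # a certificate Alice signed as introducer

# Bob's root store before (Eve only) and after (Eve deleted, Alice added).
for store in eve alice; do
    for cert in shop alice carol; do
        printf 'roots=%-5s cert=%-5s %s\n' "$store" "$cert" \
            "$(trusted "$store" "$cert")"
    done
done
```

With Alice's self-signed certificate as the only root, the certificate she issued for carol.example verifies as well, which is the "introducer" consequence: adding her as a root accepts everything she signs, not just her own certificate.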


