OT: SSL certificate chain problems

Thor Lancelot Simon tls at rek.tjls.com
Sun Jan 28 12:47:18 EST 2007

On Fri, Jan 26, 2007 at 11:42:58AM -0500, Victor Duchovni wrote:
> On Fri, Jan 26, 2007 at 07:06:00PM +1300, Peter Gutmann wrote:
> > In some cases it may be useful to send the entire chain, one such being when a
> > CA re-issues its root with a new expiry date, as Verisign did when its roots
> > expired in December 1999.  The old root can be used to verify the new root.
> Wouldn't the old root also (until it actually expires) verify any
> certificates signed by the new root? If so, why does a server need to
> send the new root? So long as the recipient has either the new or the
> old root, the chain will be valid.

That doesn't make sense to me -- the end-of-chain (server or client)
certificate won't be signed by _both_ the old and new root, I wouldn't
think (does x.509 even make this possible)?

That means that for a party trying to validate a certificate signed by
the new root, but who has only the old root, the new root's certificate
will be a necessary intermediate step in the chain to the old root, which
that party trusts (assuming the new root is signed by the old root, that

Or do I misunderstand?


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list