OT: SSL certificate chain problems

Victor Duchovni Victor.Duchovni at MorganStanley.com
Sun Jan 28 13:00:09 EST 2007

On Sun, Jan 28, 2007 at 12:47:18PM -0500, Thor Lancelot Simon wrote:

> > Wouldn't the old root also (until it actually expires) verify any
> > certificates signed by the new root? If so, why does a server need to
> > send the new root? So long as the recipient has either the new or the
> > old root, the chain will be valid.
> That doesn't make sense to me -- the end-of-chain (server or client)
> certificate won't be signed by _both_ the old and new root, I wouldn't
> think (does x.509 even make this possible)?
> Or do I misunderstand?

The key extra information is that old and new roots share the same issuer
and subject DNs and public key, only the start/expiration dates differ,
so in the overlap when both are valid, they are interchangeable, both
verify the same (singly-signed) certs. What I don't understand is how
the old (finally expired) root helps to validate the new unexpired root,
when a verifier has the old root and the server presents the new root
in its trust chain.


 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list