OT: SSL certificate chain problems

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Jan 30 19:57:04 EST 2007

Victor Duchovni <Victor.Duchovni at MorganStanley.com> writes:

>What I don't understand is how the old (finally expired) root helps to
>validate the new unexpired root, when a verifier has the old root and the
>server presents the new root in its trust chain.

You use the key in the old root to validate the self-signature in the new
root.  Since they're the same key, you know that the new root supersedes the
expired one.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list