OT: SSL certificate chain problems
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Jan 30 19:57:04 EST 2007
Victor Duchovni <Victor.Duchovni at MorganStanley.com> writes:
>What I don't understand is how the old (finally expired) root helps to
>validate the new unexpired root, when a verifier has the old root and the
>server presents the new root in its trust chain.
You use the key in the old root to validate the self-signature in the new
root. Since they're the same key, you know that the new root supersedes the
expired one.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list