Can we copy trust?

Ed Gerck edgerck at
Tue Jun 3 12:03:26 EDT 2008

Ben Laurie wrote:
> Obviously. Clearly I am talking about a server in a different domain.

And we (Kelly and I) were talking about copying trust, where a copy is 
(as usual) a reproduction, a replication of an original. If you are 
copying trust from a domain, as represented by a SSL cert signed by a 
trusted CA, it should be a reproduction of /that/ trust  -- not trust 
on a different domain.

If you want to "copy" trust to a different domain, then we need to 
transfer the trust. This is also /possible/, as you know, as long as 
the issuing CA has set the "CA bit" in the SSL certificate. Object 
Signing CA certs must have the Object Signing CA bit set.

In summary, in SSL you can both copy and transfer trust. Without 
further evidence, which can be provided in pvt if desired by anyone, 
(1) SSL is not such only example in the Internet; and (2) we can 
likewise copy and transfer trust in our social interactions, not just 
in our digital interactions.

Ed Gerck

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list