On Thu, Mar 23, 2000 at 11:13:02AM +0100, Kick Willemse wrote:
> Dear all,
>
> I am looking for a method for good root distribution! Offcourse i am not
> willing to pay XXXXX to m$ or N$. Is there anybody who can help me with
> some code examples for a website that automatically checks if the root
> cert is available and if not it imports the root cert? I know you can do
> this with a button pointing to a ca.crt but i am looking for code that
> does this proactive?
Users can import new root CA certs into Netscape and MSIE by
going through a series of dialog boxes. Just send it in the SSL/TLS
negotiation.
Automatically importing a root ca cert into the trusted cert database
would be a massive security hole... an attacker with a bogus web site
could simply make his own equally bogus root cert, send it to
the browser, then authenticate as "Amazon" or whatever.
--
Eric Murray www.lne.com/~ericm ericm at the site lne.com PGP keyid:E03F65E5
