On Sat, Aug 23, 2003 at 07:38:25PM +0200, Adam ENDRODI wrote:
> Perhaps I just misinterpret the terminology, but I've had the
> impression that every certificate should be signed, so should the
> root of the tree too. Since they sit at the top of the hierarchy
> they must be self signed. Am I missing something?

Nope, you've pretty much got it. At some point in the tree, you need to trust a key. It's not that hard to establish trust for one key, but it's very hard to establish trust for all keys. Thus, you establish trust in the certificate authority and trust keys signed by it.

If you don't want to run your own certificate authority or pay a commercial one to sign your key, and you don't have a lot of certificates to deal with, you can have each key simply be self-signed, which I believe is what's being recommended here.

noah
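The two trust models discussed in this thread, as an added example that is not part of the original messages: a leaf is accepted only through a root the verifier has explicitly chosen to trust, while a stand-alone self-signed certificate is accepted only when it is itself installed as the anchor. Subject names and file names are constructed, and the `openssl` CLI with its default configuration is assumed.

```shell
#!/bin/sh
# Added example; every subject and file name here is constructed.

# Build in directory $1: a self-signed root, a leaf signed by that root,
# and an unrelated stand-alone self-signed certificate.
make_pki() {
    d=$1
    # Root CA: signed with its own key, so issuer == subject.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    # Leaf: key and CSR first, then a certificate signed by the root's key.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null || return 1
    # Stand-alone self-signed certificate: no CA involved at all.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=standalone.example" \
        -keyout "$d/solo.key" -out "$d/solo.pem" 2>/dev/null || return 1
}

# True if the certificate in $1 names itself as its issuer.
self_issued() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$s" = "$i" ]
}

# True only if certificate $2 chains to a trust anchor in file $1.
# The textual result is checked so that older openssl builds behave the same.
trusted_by() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

dir=$(mktemp -d) && make_pki "$dir" || exit 1
for pair in "root.pem leaf.pem" "solo.pem leaf.pem" "solo.pem solo.pem"; do
    set -- $pair
    if trusted_by "$dir/$1" "$dir/$2"; then r=accepted; else r=rejected; fi
    echo "anchor=$1 cert=$2 -> $r"
done
rm -rf "$dir"
```

The root's self-signature proves nothing about who issued it; acceptance comes from the verifier placing that file in its trust store, which is why the per-key self-signed approach stays manageable only for a small number of certificates.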