On Fri, May 02, 2008 at 05:55:17PM -0400, Bill Royds wrote:
> Basically a PKI-509 type signing is a tree of trust relationship, where the
> root of the tree is a set of certificate issuers that your browser or email
> program trusts whether you do or not. These then issue certificates to

"whether you do or not" is not strictly correct, I think. It sure looks to me like I could delete some or all of the root certificates that my browser came with, and then keys from certificates which chain back to those removed roots would no longer be implicitly trusted. I've never yet heard of anyone who *did* that, mind you, so in practice the system seems to work as you say. But I don't see why it has to.

--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Typically when a software vendor says that a product is "intuitive" he means the exact opposite.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
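
The effect discussed in this message, where a certificate stops being implicitly trusted once the root it chains to is deleted from the local store, reproduced with the OpenSSL command line rather than a browser. This is an added example, not part of the original message; it assumes OpenSSL 1.1.0 or later on PATH, and the names "Example Root A/B" and "leaf.example" are constructed.

```shell
#!/bin/sh
# Constructed demo: every certificate here is generated on the fly and
# the names (Example Root A/B, leaf.example) are made up for illustration.

# verify_leaf STORE LEAF: succeeds only if LEAF chains to a root in STORE.
verify_leaf() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_root DIR NAME: create a self-signed root certificate DIR/NAME.pem.
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Root $2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# make_leaf DIR ROOTNAME: issue DIR/leaf.pem signed by ROOTNAME's key.
make_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" >/dev/null 2>&1 &&
  openssl x509 -req -in "$1/leaf.csr" -days 1 \
    -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
    -out "$1/leaf.pem" >/dev/null 2>&1
}

# trust_demo: prints the leaf's status with roots A and B in the store,
# then again after root A (the leaf's issuer) has been removed from it.
trust_demo() {
  d=$(mktemp -d) || return 1
  make_root "$d" A && make_root "$d" B && make_leaf "$d" A || return 1
  cat "$d/A.pem" "$d/B.pem" > "$d/store.pem"
  verify_leaf "$d/store.pem" "$d/leaf.pem" && before=trusted || before=untrusted
  cp "$d/B.pem" "$d/store.pem"   # the user deletes root A from the store
  verify_leaf "$d/store.pem" "$d/leaf.pem" && after=trusted || after=untrusted
  rm -rf "$d"
  echo "$before $after"
}

trust_demo
```

The leaf certificate itself is unchanged between the two checks; only the contents of the local trust store differ.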