> > This doesn't help you when presented a naked cert by a stranger[...]
>
> Any parseable certificate presented by a stranger is good enough to
> use that public key to send email encrypted to *his* private key.
> At least if there's no chance for man-in-the-middle.
Not if the cert denies such
On Tue, 11 Dec 2001, Tat Sing Kong wrote:
>
> That's me told then, so to authenticate a certificate you need the whole
> "chain" of certs going from the cert to authenticate all the way to a
> trusted CA.
It's unlikely just authentication is of any practical use;
authorization is and risk of f
That's me told then, so to authenticate a certificate you need the whole
"chain" of certs going from the cert to authenticate all the way to a
trusted CA.
The application I am writing is presented with certs to authenticate from an
external source, and the configuration has to hold a "pool" of tr
On Mon, 10 Dec 2001, Bear Giles wrote:
> > Would this be a hassle if you have a root CA with a lot of intermediate
> > signers? That means that you have to store/locate all possible intermediate
> > signers to evaluate a couple of end user certificates.
>
> This is why PKCS12 (iirc) provides a
> Would this be a hassle if you have a root CA with a lot of intermediate
> signers? That means that you have to store/locate all possible intermediate
> signers to evaluate a couple of end user certificates.
This is why PKCS12 (iirc) provides a mechanism to provide intermediate
certs with the f
It's not REQUIRED that all certs in the chain be there, but it will
probably be useful -- at least the first time. :)
> Would this be a hassle if you have a root CA with a lot of intermediate
> signers? That means that you have to store/locate all possible intermediate
> signers to evaluate a co
A, B and C need to be available to the certificate verification process
if you wish to check that D was signed by C, which was signed by B,
which was signed by A.
> -Original Message-
> From: Tat Sing Kong [mailto:[EMAIL PROTECTED]]
> Sent: 10 December 2001 17:01
> To: Openssl-Users@Opens