Of all the gin joints in all the towns in all the world, "Shaw, George"
had to walk into mine and say:
>
> It sounds to me like he does trust the root CA, he just wants to deny access
> to certain Sub CAs.
Correct. Specifically, "everyone else" :-)
> I think you would need to program this into
> This problem arises because of the structure behind the PKI. If your
> root CA cannot be trusted, you should also not trust the certificates
> issued by its sub-CAs.
It's not that I don't trust the Root CA; I don't trust other sub-CAs of
the Root CA. A minor but important point. The Root CA mig
On Thu, Mar 21, 2002 at 03:43:00PM -0500, Harald Koch wrote:
> So I'm attempting to verify a certificate with OpenSSL 0.9.7 snapshot
> (various versions). I trust my own CA, whose certificate is issued by a
> Root (self-signed) CA that I do not wish to trust, because it has also
> issued a CA cert