[cryptography] Let's go back to the beginning on this

Arshad Noor arshad.noor at strongauth.com
Tue Sep 13 20:00:51 EDT 2011


On 9/13/2011 4:44 PM, Seth David Schoen wrote:
   On the other hand, a similar phenomenon occurs in other
> browsers with regard to intermediate CAs, because there's no way to
> get a list of intermediate CAs before they are encountered in the wild,
> and definitely no way to get an exhaustive list of all of the
> intermediate CAs that would be trusted.

I'm not sure I understand why it would be helpful to know all (or any)
intermediate CA ahead of time.  If you trust the self-signed Root CA,
then, by definition, you've decided to trust everything that CA (and
subordinate CA) issues, with the exception of revoked certificates.

Can you please elaborate?  Thanks.

Arshad Noor
StrongAuth, Inc.



More information about the cryptography mailing list