[cryptography] Let's go back to the beginning on this
arshad.noor at strongauth.com
Tue Sep 13 20:00:51 EDT 2011
On 9/13/2011 4:44 PM, Seth David Schoen wrote:
On the other hand, a similar phenomenon occurs in other
> browsers with regard to intermediate CAs, because there's no way to
> get a list of intermediate CAs before they are encountered in the wild,
> and definitely no way to get an exhaustive list of all of the
> intermediate CAs that would be trusted.
I'm not sure I understand why it would be helpful to know all (or any)
intermediate CA ahead of time. If you trust the self-signed Root CA,
then, by definition, you've decided to trust everything that CA (and
subordinate CA) issues, with the exception of revoked certificates.
Can you please elaborate? Thanks.
More information about the cryptography