[cryptography] Math corrections

James A. Donald jamesd at echeque.com
Wed Sep 21 19:43:19 EDT 2011

On 2011-09-22 2:30 AM, Arshad Noor wrote:
> In the first place, as you know, browsers have a trust-store of unique
> self-signed TTP CA certificates; not cross-certified certificates. All
> SSL/TLS connections between browsers and a site with an SSL certificate
> issued by one of those TTP CA's, involves a *direct* trust-chain. A
> browser user (or manufacturer) always has the ability to delete any TTP
> CA certificate from their trust-store and sever the trust-chain, at
> will. Notwithstanding the fact that most users don't know anything
> about trust-stores and TTP CA certificates, it does not change the fact
> that these are direct and independent trust-chains that can be severed
> at will.

Oh come on.

What you are saying is that in principle we could rework the pki system 
so that it is something completely different to what it is.

But it is what it is.

More information about the cryptography mailing list