cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
List archive
- From: Guillaume ROMAGNY <guillaume AT tiebogos.fr>
- To: IanG <iang AT cacert.org>
- Cc: CAcert System Administrators <cacert-sysadm AT lists.cacert.org>
- Subject: Re: [Cacert-sysadm] structure of root keys & certs
- Date: Fri, 08 Aug 2008 23:04:22 +0200
- List-archive: <http://lists.cacert.org/pipermail/cacert-sysadm>
- List-id: CAcert System Admins discussion list <cacert-sysadm.lists.cacert.org>
- Openpgp: id=EB42B796
- Organization: Springfield Nuclear Power Plant HeadQuarters
Hi All!
IanG a écrit :
Relying parties can decide to trust only certificates for Assured Members (by selecting the Class 3 root for Assured Members as trust anchor), or all certificates (by selecting the Class 1 root for unassured Members as trust anchor).
Are we sure ? Has someone tested a webserver with only class3 root certificate ? Does the certificate validate properly ?
Does the browser keep validating till it finds a self signed cert (the class1 cert) ? or does it stop at the first trusted root cert (the class3 root) ?
Is a new set of roots likely to be the same for the future? Or do we want to change that?
We need to change the name of the root certificate ("Root CA") anyway.
I tend not to use Class 3 cert as I find it complicated when chained to Class 1 (Maybe a psychological problem) but chained roots with different trust leads to confusion.
--
Cordialement, Best regards,
Guillaume
Tiebogos (by L'Oreal), parce que je le 'veau' bien.
Vision without action is a daydream. Action without vision is a
nightmare. -- Japanese Proverb
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- [Cacert-sysadm] structure of root keys & certs, IanG, 08/08/2008
- Re: [Cacert-sysadm] structure of root keys & certs, Guillaume ROMAGNY, 08/08/2008
Archive powered by MHonArc 2.6.16.