On Fri, Jan 26, 2007 at 11:42:58AM -0500, Victor Duchovni wrote:
> On Fri, Jan 26, 2007 at 07:06:00PM +1300, Peter Gutmann wrote:
>
> > In some cases it may be useful to send the entire chain, one such being
> > when a CA re-issues its root with a new expiry date, as Verisign did when
> > its roots expired in December 1999. The old root can be used to verify the
> > new root.
>
> Wouldn't the old root also (until it actually expires) verify any
> certificates signed by the new root? If so, why does a server need to
> send the new root? So long as the recipient has either the new or the
> old root, the chain will be valid.

That doesn't make sense to me -- the end-of-chain (server or client)
certificate won't be signed by _both_ the old and new root, I wouldn't
think (does x.509 even make this possible)?

That means that for a party trying to validate a certificate signed by
the new root, but who has only the old root, the new root's certificate
will be a necessary intermediate step in the chain to the old root, which
that party trusts (assuming the new root is signed by the old root, that
is).

Or do I misunderstand?

Thor
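
Added example, not part of the original thread: a toy path builder that runs both readings of "re-issued root" discussed above, (A) the re-issue keeps the old subject name and key pair, and (B) the new root has a new name and key and is cross-signed by the old root. All names, key ids and years are constructed, and a signature check is modelled as comparing key ids rather than doing real cryptography.

```python
from collections import namedtuple

# Constructed toy model: signed_by is the id of the key that signed the cert.
Cert = namedtuple("Cert", "subject issuer key signed_by not_after")

def build_path(leaf, anchors, sent, now):
    """Return the certs from leaf up to a trusted anchor, or None."""
    path, cur = [leaf], leaf
    while len(path) <= len(sent) + 1:            # bounded walk, no cycles
        if cur.not_after < now:                  # expired cert in the path
            return None
        for a in anchors:                        # can a trusted root verify cur?
            if (a.subject == cur.issuer and a.key == cur.signed_by
                    and a.not_after >= now):
                return path + [a]
        nxt = [c for c in sent if c not in path
               and c.subject == cur.issuer and c.key == cur.signed_by]
        if not nxt:                              # no candidate issuer was sent
            return None
        cur = nxt[0]
        path.append(cur)
    return None

OLD = Cert("Root CA", "Root CA", "K1", "K1", 2000)          # old trusted root

# Case A: re-issue with the same name and key, only the expiry changes.
REISSUED = Cert("Root CA", "Root CA", "K1", "K1", 2028)
LEAF_A = Cert("www.example.test", "Root CA", "KL", "K1", 2001)

# Case B: new name and key; CROSS is the new root's key certified by the old root.
NEW = Cert("Root CA G2", "Root CA G2", "K2", "K2", 2028)
CROSS = Cert("Root CA G2", "Root CA", "K2", "K1", 2000)
LEAF_B = Cert("www.example.test", "Root CA G2", "KL", "K2", 2001)

def summary(now=1999):
    """Which chains validate for a client that trusts only OLD."""
    return {
        "A, nothing sent": build_path(LEAF_A, [OLD], [], now) is not None,
        "B, nothing sent": build_path(LEAF_B, [OLD], [], now) is not None,
        "B, self-signed new root sent": build_path(LEAF_B, [OLD], [NEW], now) is not None,
        "B, cross-cert sent": build_path(LEAF_B, [OLD], [CROSS], now) is not None,
    }

if __name__ == "__main__":
    for case, ok in summary().items():
        print(f"{case}: {'valid' if ok else 'no path'}")
```

In case A the client holding only the old root needs nothing extra until that root expires; in case B it needs the cross-certificate, and a self-signed copy of the new root does not help.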