Jill Ramonsky wrote:
> Is it possible for Bob to instruct his browser to (a) refuse to trust
> anything signed by Eve, and (b) to trust Alice's certificate (which
> she handed to him personally)? (And if so, how?)
>
> I am very much hoping that you can answer both (a) and (b) with a yes,

ok then "yes" :)
What it comes down to is a browser will trust any certificate either a) explicitly marked as trusted or b) signed by a root CA in its root certificate store, so the correct procedure for (a) is for Bob to delete Eve's root certificate from his root store.

For (b) he can either explicitly mark Alice's cert as accepted, or (technically more interesting) if he trusts her as "introducer" add her root cert - which is the same thing if she self-signed her cert - to his root store, so that *any* cert she signs is accepted.
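The trust decision described in the reply above, as a small added model (not part of the original message and not any browser's code). Certificates are reduced to constructed subject/issuer names; the signature, validity and revocation checks a real validator performs are assumed away, and all class and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str  # equals subject for a self-signed certificate

class TrustStore:
    """Toy model: a cert is accepted if marked explicitly or if it chains to a stored root."""
    def __init__(self):
        self.roots = {}        # subject -> root Cert
        self.explicit = set()  # certificates accepted one by one

    def add_root(self, cert):
        self.roots[cert.subject] = cert

    def remove_root(self, cert):
        self.roots.pop(cert.subject, None)

    def trust_explicitly(self, cert):
        self.explicit.add(cert)

    def is_trusted(self, cert, intermediates=()):
        if cert in self.explicit:              # case a) in the reply
            return True
        pool = {c.subject: c for c in intermediates}
        seen = set()                           # guards against issuer loops
        while cert.subject not in seen:
            seen.add(cert.subject)
            if cert.issuer in self.roots:      # case b): chain ends at a stored root
                return True
            if cert.issuer == cert.subject or cert.issuer not in pool:
                return False                   # unknown self-signed cert or broken chain
            cert = pool[cert.issuer]
        return False

def demo():
    # Constructed sample certificates.
    alice, eve = Cert("Alice", "Alice"), Cert("Eve CA", "Eve CA")
    carol = Cert("carol.example", "Alice")       # signed by Alice
    eve_signed = Cert("shop.example", "Eve CA")  # signed by Eve
    store = TrustStore()
    store.add_root(eve)
    before = store.is_trusted(eve_signed)
    store.remove_root(eve)                       # (a) delete Eve's root
    after = store.is_trusted(eve_signed)
    store.trust_explicitly(alice)                # (b) accept Alice's cert only
    leaf_only = (store.is_trusted(alice), store.is_trusted(carol))
    store.add_root(alice)                        # (b) Alice as "introducer"
    introducer = store.is_trusted(carol)
    return before, after, leaf_only, introducer
```

Explicitly accepting Alice's certificate covers only that certificate; certificates she signs become acceptable only once her certificate is in the root store.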