On Fri, Jan 26, 2007 at 07:06:00PM +1300, Peter Gutmann wrote:

> Victor Duchovni <[EMAIL PROTECTED]> writes:
> 
> >Generally it is enough for a TLS server or client to present its own
> >certificate and all *intermediate* CA certificates, sending the root CA cert
> >is optional, because if the verifying system trusts the root CA in question,
> >it has a local copy of that root CA cert. 
> 
> In some cases it may be useful to send the entire chain, one such being when a
> CA re-issues its root with a new expiry date, as Verisign did when its roots
> expired in December 1999.  The old root can be used to verify the new root.

Wouldn't the old root also (until it actually expires) verify any
certificates signed by the new root? If so, why does a server need to
send the new root? So long as the recipient has either the new or the
old root, the chain will be valid. Is the problem case when the verifier
has both roots, and the older of the two has expired?

-- 

 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to