Victor Duchovni <[EMAIL PROTECTED]> writes:

>What I don't understand is how the old (finally expired) root helps to
>validate the new unexpired root, when a verifier has the old root and the
>server presents the new root in its trust chain.

You use the key in the old root to validate the self-signature in the new
root.  Since they're the same key, you know that the new root supersedes the
expired one.
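The check described in the reply above, as an added example that is not part of the original post, written in Go with the standard library's crypto/x509. The helper names (`selfSigned`, `supersedes`, `demo`), the subject "Example Root CA" and all keys and certificates are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSigned builds a constructed root certificate signed by its own key.
func selfSigned(key ed25519.PrivateKey, serial int64, from, to time.Time) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial),
		Subject: pkix.Name{CommonName: "Example Root CA"}, NotBefore: from, NotAfter: to,
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// supersedes: same subject, in date, and self-signed by the trusted root's key.
func supersedes(trusted, presented *x509.Certificate, now time.Time) bool {
	sameName := bytes.Equal(trusted.RawSubject, presented.RawSubject)
	inDate := !now.Before(presented.NotBefore) && !now.After(presented.NotAfter)
	// Verify with the key from the OLD root, not the key inside the new one.
	return sameName && inDate && trusted.CheckSignature(presented.SignatureAlgorithm,
		presented.RawTBSCertificate, presented.Signature) == nil
}

// demo returns the verdicts for a genuine re-issue and a same-name impostor.
func demo() (reissue, impostor bool) {
	now := time.Now()
	_, caKey, _ := ed25519.GenerateKey(rand.Reader)    // constructed CA key
	_, otherKey, _ := ed25519.GenerateKey(rand.Reader) // constructed impostor key
	oldRoot := selfSigned(caKey, 1, now.AddDate(-2, 0, 0), now.AddDate(0, 0, -1)) // expired
	newRoot := selfSigned(caKey, 2, now.AddDate(0, 0, -1), now.AddDate(2, 0, 0))  // same key
	fake := selfSigned(otherKey, 3, now.AddDate(0, 0, -1), now.AddDate(2, 0, 0))
	return supersedes(oldRoot, newRoot, now), supersedes(oldRoot, fake, now)
}

func main() { fmt.Println(demo()) }
```

A passing check shows only that the new root was signed by the key already held in the old root; a certificate with the same subject but a different key is rejected.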


