Ben Laurie wrote:
Obviously. Clearly I am talking about a server in a different domain.
And we (Kelly and I) were talking about copying trust, where a copy is (as usual) a reproduction, a replication of an original. If you are copying trust from a domain, as represented by a SSL cert signed by a trusted CA, it should be a reproduction of /that/ trust -- not trust on a different domain.
If you want to "copy" trust to a different domain, then we need to transfer the trust. This is also /possible/, as you know, as long as the issuing CA has set the "CA bit" in the SSL certificate. Object Signing CA certs must have the Object Signing CA bit set.
In summary, in SSL you can both copy and transfer trust. Without further evidence, which can be provided in pvt if desired by anyone, (1) SSL is not such only example in the Internet; and (2) we can likewise copy and transfer trust in our social interactions, not just in our digital interactions.
Cheers, Ed Gerck --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
