On 9/13/2011 4:44 PM, Seth David Schoen wrote: On the other hand, a similar phenomenon occurs in other
browsers with regard to intermediate CAs, because there's no way to get a list of intermediate CAs before they are encountered in the wild, and definitely no way to get an exhaustive list of all of the intermediate CAs that would be trusted.
I'm not sure I understand why it would be helpful to know all (or any) intermediate CA ahead of time. If you trust the self-signed Root CA, then, by definition, you've decided to trust everything that CA (and subordinate CA) issues, with the exception of revoked certificates. Can you please elaborate? Thanks. Arshad Noor StrongAuth, Inc. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
