On Jan 19 2015, Jakob Schlyter wrote: [...]
One should also note, that it is possible for a validator to choose not to trust an answer if it believes that some keys in the chain are too weak. Not very useful while the root is still 1024-bit RSA, but might be if that changes.
But what would you expect "not trust an answer" to result in for the end user? "Unvalidated" (as for an unrecognised signing algorithm), or "bogus"? -- Chris Thompson Email: [email protected]
