Ian G wrote:
> So if one wanted to "follow the standard" one could
> create two keys, Alice and Bob, and have Alice
> sign Bob's PK. Bob then becomes the root and is
> used to sign all lower level public keys. Alice is
> the trust anchor.
> Then, store Alice and Bob together, and if they ever
> get compromised, have Alice sign Bob's revocation.

Yes, if you apply the standard, there is no need to check the trust
anchor for being a valid CA.
Which helps to trust the old Verisign X509 V1 root CAs that have no
element at all inside that says they can be trusted as a CA: no basic
constraints, no key usage.
_______________________________________________
Mozilla-security mailing list
http://mail.mozilla.org/listinfo/mozilla-security
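
The point made in the reply above, as an added example that is not part of the original message: a simplified model of certification-path validation in which the trust anchor is only a name and a key, and the CA checks apply to certificates inside the path. It assumes the standard meant is the RFC 5280 path-validation algorithm; signature verification is abstracted to a `signed_by` label, and all names, keys and certificates are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    key: str                          # subject public key (label only)
    signed_by: str                    # key that made the signature (abstracted)
    version: int = 3
    basic_ca: Optional[bool] = None   # basicConstraints cA; None = extension absent
    cert_sign: Optional[bool] = None  # keyUsage keyCertSign; None = extension absent

def validate_path(anchor_name, anchor_key, path):
    """Validate certs ordered from the one issued by the anchor to the end entity.

    The trust anchor is only a (name, key) pair supplied by the relying party;
    none of its certificate fields are examined.
    """
    issuer_name, issuer_key = anchor_name, anchor_key
    for i, cert in enumerate(path):
        if cert.issuer != issuer_name or cert.signed_by != issuer_key:
            return False, f"{cert.subject}: not issued by {issuer_name}"
        if i < len(path) - 1:         # this cert must issue the next one
            # Choice made here: v1/v2 intermediates are rejected outright.
            if cert.version < 3 or cert.basic_ca is not True:
                return False, f"{cert.subject}: not a CA certificate"
            if cert.cert_sign is False:
                return False, f"{cert.subject}: keyCertSign not set"
        issuer_name, issuer_key = cert.subject, cert.key
    return True, "ok"

# Constructed sample data: Alice is a v1 self-signed certificate, no extensions.
alice = Cert("Alice", "Alice", "kA", "kA", version=1)
bob = Cert("Bob", "Alice", "kB", "kA", basic_ca=True, cert_sign=True)
leaf = Cert("www.example.test", "Bob", "kL", "kB")
# The same v1 certificate shape, but issued by a hypothetical "Top" anchor.
alice_under_top = Cert("Alice", "Top", "kA", "kT", version=1)

def demo():
    as_anchor = validate_path(alice.subject, alice.key, [bob, leaf])
    as_intermediate = validate_path("Top", "kT", [alice_under_top, bob, leaf])
    return as_anchor, as_intermediate

if __name__ == "__main__":
    print(demo())
```

The extension-less v1 certificate is accepted when its name and key are configured as the anchor, and rejected when the same kind of certificate has to be validated as a link in the path.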