Nicolas Roumiantzeff wrote:
> 
> 
> In the solution I suggested, the CA cert is not installed manually (as when
> you connect to an SSL server which is not "chained" to a trusted CA of the
> browser) but installed automatically (by an ActiveX or a Netscape Plug-in
> using SmartUpdate). Did you get the point that the ActiveX and the plug-in
> would be signed?
> 

What about serving up the CA certificate via an SSL server whose
certificate is from a "standard" CA? Then you get the assurance that the SSL
session hasn't been tampered with and a "trusted" CA has certified the
server itself.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]