From: Claus Assmann <[EMAIL PROTECTED]>

ca+ssl> Is there a "simple" way to achieve a non-hierarchical trust model
ca+ssl> within TLS?

Doesn't look like it...

ca+ssl> The X.509 certificates currently allow only for one signature, right?

That is correct, at least according to the ASN.1 spec. in RFC2459
(page 74):

        Certificate ::= SEQUENCE {
                tbsCertificate          TBSCertificate,
                signatureAlgorithm      AlgorithmIdentifier,
                signature               BIT STRING    }

I've moaned about the same thing at work.  I was seduced (sp?) a long
time ago by PGP and the trust model it used and I miss that dearly in
the X.509 world.  I can't really say I trust Thawte or Verisign very
much, compared to those I've signed PGP keys for...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis             -- [EMAIL PROTECTED]
           Member of the OpenSSL development team

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
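
The single-signature layout quoted from RFC 2459 in the message above can be checked directly on the DER encoding. The following is an added example, not part of the original message and not OpenSSL code; the function names and the sample byte strings are constructed for illustration.

```python
def read_tlv(buf, off):
    """Return (tag, value, next_offset) for the DER element starting at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[off:off + length], off + length

def certificate_signature(der):
    """Return the signature bits of a Certificate, enforcing the three-field layout."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one outer SEQUENCE")
    fields, off = [], 0
    while off < len(body):
        t, v, off = read_tlv(body, off)
        fields.append((t, v))
    # tbsCertificate (SEQUENCE), signatureAlgorithm (SEQUENCE), signature (BIT STRING)
    if [t for t, _ in fields] != [0x30, 0x30, 0x03]:
        raise ValueError("outer SEQUENCE is not tbsCertificate/signatureAlgorithm/signature")
    return fields[2][1][1:]  # drop the BIT STRING unused-bits octet

def tlv(tag, value):
    """Encode one DER element (helper used only to build the samples below)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(octets)]) + octets + value

# Constructed samples: placeholder tbsCertificate, sha256WithRSAEncryption
# AlgorithmIdentifier, and dummy signature bytes. Not real certificates.
TBS = tlv(0x30, tlv(0x02, b"\x01"))
ALG = tlv(0x30, bytes.fromhex("06092a864886f70d01010b0500"))
SIG = tlv(0x03, b"\x00" + b"\xaa" * 200)  # long enough to need a long-form length
ONE_SIGNATURE = tlv(0x30, TBS + ALG + SIG)
TWO_SIGNATURES = tlv(0x30, TBS + ALG + SIG + SIG)  # a second signature has no slot
```

`certificate_signature(ONE_SIGNATURE)` returns the 200 dummy signature bytes, while `TWO_SIGNATURES` raises `ValueError` because the outer SEQUENCE defines exactly one signature field.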
