From: Claus Assmann <[EMAIL PROTECTED]>
ca+ssl> Is there a "simple" way to achieve a non-hierarchical trust model
ca+ssl> within TLS?
Doesn't look like it...
ca+ssl> The X.509 certificates currently allow only for one signature, right?
That is correct, at least according to the ASN.1 spec. in RFC2459
(page 74):
    Certificate  ::=  SEQUENCE  {
         tbsCertificate       TBSCertificate,
         signatureAlgorithm   AlgorithmIdentifier,
         signature            BIT STRING  }
I've moaned about the same thing at work. I was seduced (sp?) a long
time ago by PGP and the trust model it used and I miss that dearly in
the X.509 world. I can't really say I trust Thawte or Verisign very
much, compared to those I've signed PGP keys for...
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
Redakteur@Stacken \ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
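
Added illustration (not part of the original message, and not OpenSSL code): a minimal DER walker in Python that splits the outer Certificate SEQUENCE quoted above and rejects an encoding that carries a second signature field. The function names are hypothetical and the sample bytes are constructed stand-ins, not a real certificate.

```python
# Added example: minimal DER reader for the outer X.509 Certificate SEQUENCE.
# All names and sample bytes below are constructed for illustration.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def split_certificate(der_bytes):
    """Split Certificate into its three fields; anything else is rejected."""
    tag, body, end = read_tlv(der_bytes, 0)
    if tag != 0x30 or end != len(der_bytes):
        raise ValueError("not exactly one DER SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        fields.append((t, v))
    # SEQUENCE, SEQUENCE, BIT STRING: one signature slot and no more.
    if [t for t, _ in fields] != [0x30, 0x30, 0x03]:
        raise ValueError("layout is not tbsCertificate/signatureAlgorithm/signature")
    tbs, alg, sig = (v for _, v in fields)
    if not sig or sig[0] != 0:
        raise ValueError("signature BIT STRING must have 0 unused bits")
    return {"tbsCertificate": tbs, "signatureAlgorithm": alg, "signature": sig[1:]}

def der(tag, value):
    """Encode one short-form TLV (value under 128 bytes), for the samples only."""
    if len(value) >= 128:
        raise ValueError("sample helper handles short lengths only")
    return bytes([tag, len(value)]) + value

TBS_STUB = der(0x30, der(0x02, b"\x01"))                      # stand-in, not a real TBSCertificate
ALG = der(0x30, bytes.fromhex("06092a864886f70d01010b0500"))  # sha256WithRSAEncryption, NULL
SIG = der(0x03, b"\x00" + bytes.fromhex("deadbeef"))          # dummy signature bits
SAMPLE = der(0x30, TBS_STUB + ALG + SIG)
TWO_SIGS = der(0x30, TBS_STUB + ALG + SIG + SIG)              # a second signature appended
```

split_certificate(SAMPLE) returns the three fields; split_certificate(TWO_SIGS) raises ValueError, since the SEQUENCE has no position for a second signer.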