I think David may have a point here. On the client side you have a list of CAs you trust, so therefore other CAs will not be accepted. It is a big problem that you can revoke other certs with the same CN though.

David Schwartz <[EMAIL PROTECTED]> wrote:


> ...except that it's not.
>
> A later certificate (w/ different public key) with the same CN can
> issue revocations against an earlier certificate with the same CN, per
> X.509. That's part of the problem with the entire X.509 model in the
> first place.

Is this so without the newer certificate being explicitly selected as
trusted? That would be a serious flaw and it's hard for me to believe that
could be. Do you have a reference?

DS


______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]

