On 25/09/13 13:25, Adam Back wrote:
On Wed, Sep 25, 2013 at 11:59:50PM +1200, Peter Gutmann wrote:
Something that can sign a new RSA-2048 sub-certificate is called a
CA. For
a browser, it'll have to be a trusted CA. What I was asking you to
explain is
how the browsers are going to deal with
Adam Back a...@cypherspace.org writes:
Is there a possibility with RSA-RSA ciphersuite to have a certified RSA
signing key, but that key is used to sign an RS key negotiation?
Yes, but not in the way you want. This is what the 1990s-vintage RSA export
ciphersuites did, but they were designed so
On Wed, Sep 25, 2013 at 11:59:50PM +1200, Peter Gutmann wrote:
Something that can sign a new RSA-2048 sub-certificate is called a CA. For
a browser, it'll have to be a trusted CA. What I was asking you to explain is
how the browsers are going to deal with over half a billion (source: Netcraft
