On 4 October 2016 at 06:12, Eric Rescorla wrote:
> with the exception of the end-entity
> certificate which MUST be first.
After testing, this part seems to be the component that stops my idea.
I could build paths to arbitrary roots with extra chains contained in
the list... but
On Mon, Oct 3, 2016 at 9:44 PM, Peter Bowen wrote:
> On Mon, Oct 3, 2016 at 5:24 PM, Jakob Bohm wrote:
> > On 03/10/2016 20:41, Kyle Hamilton wrote:
> >> WoSign is known to be cross-signed by several independent CAs (as well
> as
> >
> >> 2. There is
Hi Kyle,
On 03/10/16 19:41, Kyle Hamilton wrote:
> WoSign is known to be cross-signed by several independent CAs (as well as 1
> CA which is no longer deemed to be independent). If it wished to bypass
> any attempt to distrust it, all it would have to do is be cross-signed by
> another CA.
On Mon, Oct 3, 2016 at 5:24 PM, Jakob Bohm wrote:
> On 03/10/2016 20:41, Kyle Hamilton wrote:
>> WoSign is known to be cross-signed by several independent CAs (as well as
>
>> 2. There is only One Certificate Path that can be proven in TLS, which
>> prevents risk management
On 3 October 2016 at 19:24, Jakob Bohm wrote:
> On 03/10/2016 20:41, Kyle Hamilton wrote:
>> 2. There is only One Certificate Path that can be proven in TLS, which
>> prevents risk management by end-entities.
>>
>
> Are you sure, I thought the standard TLS protocol
5 matches
Mail list logo