Paul Lambert wrote:
>
> I notice you're still attaching a root certificate of unknown
> quality as part of your signature. Since it is different than my
> current class 2 root for the same named authority it may or may
> not be valid. If I accept your certificate and root I'm potentially
> at risk that you will later maliciously create MITM certs.

Why do you care about the CA cert that signed Kyle's cert AT ALL?
If you don't recognize that CA cert, then you should continue to
completely ignore that CA cert.

If your MUA does not let you pin Kyle's cert alone (for the purpose
of verifying the signatures on Kyle's emails), but requires you to
add a cert of _his_ certification chain to your trust anchors
as a prerequisite for S/MIME signature verification, then the
PKI software used by your MUA is seriously broken.

-Martin
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
