[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
certificate chains
over on ssl-talk, Peter Williams asked:
>Can the Netscape products detect circularities and redundancies
>in cert chains?
I think that's a fine question.
For SPKI certs, as long as people don't use
MAY-DELEGATE: *
throughout there is no chance for a certificate loop, but if everyone uses
(*) there is.
That's something we will need to keep in mind as we write verifying code.
- Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+--------------------------------------------------------------------------+