[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate chains

To: spki@c2.net
Subject: Re: Certificate chains
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Thu, 22 May 1997 12:42:31 -0300
In-Reply-To: Your message of "Tue, 08 Apr 1997 20:54:42 EDT." <199704090054.AA27639@swan.lcs.mit.edu>
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----


  A question relating to an old post of Ron Rivest's:

>A chain is valid when the following procedure never gets stuck:
>	start with the issuer of the first cert.  Call it W.

  Shouldn't this say "subject of the first cert"? The issuer is always
self... and your example suggests that as well.

>	for each cert in turn:
>		check that the issuer of that cert matches an initial
>			segment of W (or possibly all of W).
>		replace that initial segment of W with the subject of the cert

  
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQB1AwUBM4RpXMmxxiPyUBAxAQHNEgMAgjcEtdDHwTcpqaslzB3+GPD0sWcnCllu
WgWBuzZgyqTtjHlk56Z/qtkr7mrbPOmgk73f8RyPQrrX8DAnNFKT9Ja2+HW0uHLe
ZDJKFpcZMuUMTFAU8LS3un03RbXMRbyU
=yFgb
-----END PGP SIGNATURE-----

References:

Certificate chains

From: rivest@theory.lcs.mit.edu (Ron Rivest)

Prev by Date: definition of cert - trust in SPKI certs
Next by Date: Re: definition of cert - trust in SPKI certs
Prev by thread: Certificate chains
Next by thread: Re: Certs
Index(es):
- Main
- Thread