[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Certificate chains
-----BEGIN PGP SIGNED MESSAGE-----
A question relating to an old post of Ron Rivest's:
>A chain is valid when the following procedure never gets stuck:
> start with the issuer of the first cert. Call it W.
Shouldn't this say "subject of the first cert"? The issuer is always
self... and your example suggests that as well.
> for each cert in turn:
> check that the issuer of that cert matches an initial
> segment of W (or possibly all of W).
> replace that initial segment of W with the subject of the cert
-----BEGIN PGP SIGNATURE-----
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
-----END PGP SIGNATURE-----