nanog mailing list archives
Re: SSL Certificates
From: "John Levine" <johnl () iecc com>
Date: 16 Feb 2012 16:29:03 -0000
In article <20120216162108.GA11808 () ussenterprise ufp org> you write:
-=-=-=-=-=- In a message written on Thu, Feb 16, 2012 at 12:57:25AM -0600, Jimmy Hess wrote:There is a risk that any CA issued SSL certificate signed by _any_ CA may be worthless some time in the future, if the CA chosen is later found to have issued sufficient quantities fraudulent certificates, and sufficiently failed in their duties.One thing I'm not clear about is, are there any protocol or implementation limitations that require only one CA?
I've had the same cert signed by multiple CAs, although rarely at the same time. Never tried to present both versions in the same session, though. R's, John
Current thread:
- Re: SSL Certificates Ask Bjørn Hansen (Feb 15)
- Re: SSL Certificates John Levine (Feb 15)
- Re: SSL Certificates George Herbert (Feb 15)
- Re: SSL Certificates Jimmy Hess (Feb 15)
- Re: SSL Certificates John R. Levine (Feb 16)
- Re: SSL Certificates Christopher Morrow (Feb 16)
- Re: SSL Certificates John R. Levine (Feb 16)
- Re: SSL Certificates Jeroen Massar (Feb 16)
- Re: SSL Certificates startssl.com James Triplett (Feb 16)
- Re: SSL Certificates George Herbert (Feb 15)
- Re: SSL Certificates Leo Bicknell (Feb 16)
- Re: SSL Certificates John Levine (Feb 16)
- Re: SSL Certificates John Levine (Feb 15)
- Re: SSL Certificates George Herbert (Feb 16)