Security Basics mailing list archives

RE: Another basic PKI question


From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 14 Oct 2003 09:30:58 -0700

  The browser should walk up the tree to find someone it trusts.
Whether that CA is "closest to you" or root of this tree is irrelevant.

Dave Gillett

-----Original Message-----
From: Roger A. Grimes [mailto:rogerg () cox net]
Sent: October 12, 2003 11:38
To: security-basics () securityfocus com
Subject: Another basic PKI question


First, thanks to everyone who responded to my last question regarding PKI.

(The answer to that one was that yes, both public and private keys can
encrypt and decrypt (with most popular PKI protocols); but who encrypts and
decrypts depends on whether you are signing or encrypting...but yes, the
private key can encrypt.  Thank you all.)

New question:  When I receive a digital certificate, do I (or my browser)
have to trust every PKI CA in the tree of trust heading all the way back up
to the root CA, or just the closest CA to me in the chain of trust?  I'm
guessing it's the latter.

Roger

******************************************************************************
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE (NT/2000), CNE (3/4), A+
*email: rogerg () cox net
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of upcoming Honeypots for Windows (Apress)
******************************************************************************
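
The chain walk described in the reply, as an added example that is not part of either message: the validator follows issuer links upward, checks each signature, and stops at the first CA it already trusts, whether that is an intermediate or the root. Textbook RSA over small constructed keys stands in for real certificate signatures, and all names here (make_key, Cert, issue, verify, validate, the CA names) are hypothetical.

```python
import hashlib
from dataclasses import dataclass

def make_key(a, b, e=65537):
    """Toy textbook-RSA key pair from Mersenne primes 2^a-1 and 2^b-1 (constructed, insecure)."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    pub: tuple      # subject's public key (n, e)
    sig: int = 0    # issuer's signature over the three fields above

def digest(cert, n):
    tbs = f"{cert.subject}|{cert.issuer}|{cert.pub}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(subject, pub, issuer, issuer_priv):
    n, d = issuer_priv
    return Cert(subject, issuer, pub, pow(digest(Cert(subject, issuer, pub), n), d, n))

def verify(cert, issuer_pub):
    n, e = issuer_pub
    return pow(cert.sig, e, n) == digest(cert, n)

def validate(leaf, pool, anchors):
    """Walk issuer links up from leaf; return names up to the first trusted CA, else None."""
    path, cert, seen = [leaf.subject], leaf, set()
    while cert.subject not in seen:           # guards against issuer loops
        seen.add(cert.subject)
        trusted = cert.issuer in anchors
        issuer = pool.get(cert.issuer)
        issuer_pub = anchors[cert.issuer] if trusted else (issuer.pub if issuer else None)
        if issuer_pub is None or not verify(cert, issuer_pub):
            return None                       # missing issuer or bad signature
        path.append(cert.issuer)
        if trusted:
            return path                       # stop at the first trust anchor
        cert = issuer
    return None                               # ended at an untrusted self-signed cert

# Constructed three-level hierarchy: root -> intermediate -> server certificate.
(root_pub, root_priv), (int_pub, int_priv) = make_key(107, 127), make_key(61, 89)
root = issue("Root CA", root_pub, "Root CA", root_priv)
inter = issue("Intermediate CA", int_pub, "Root CA", root_priv)
leaf = issue("www.example.test", make_key(19, 31)[0], "Intermediate CA", int_priv)
pool = {c.subject: c for c in (root, inter)}  # untrusted certs available for path building
```

Real path validation also checks validity dates, revocation status and CA constraints at every link, which this sketch leaves out.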

