Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Another basic PKI question

From: "Hols, Albert" <albert.hols () hp com>
Date: Tue, 14 Oct 2003 21:11:59 +0200
Roger,

You only have to trust the root CA (or you're asked to trust this CA)

Regards,

Albert


-----Original Message-----
From: Roger A. Grimes [mailto:rogerg () cox net] 
Sent: Sunday, October 12, 2003 8:38 PM
To: security-basics () securityfocus com
Subject: Another basic PKI question


First, thanks to everyone who responded to my last question regarding
PKI.

(The answer to that one was that yes, both public and private keys can
encrypt and decrypt (with most popular PKI protocols); but who encrypts
and
decrypts depends on whether you are signing or encrypting...but yes, the
private key can encrypt.  Thank you all.)

New question:  When I recieve a digital certificate, do I (or my
browser)
have to trust every PKI CA in the tree of trust heading all the way back
up
to the root CA, or just the closest CA to me in the chain of trust?  I'm
guessing it's the latter.

Roger

************************************************************************
****
****
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE (NT/2000), CNE (3/4), A+
*email: rogerg () cox net
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by
O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of upcoming Honeypots for Windows (Apress)
************************************************************************
****
*****


------------------------------------------------------------------------
---
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: