
Re: AW: self-signed TSA [Was Re: Private Key Cloning]



Rich Salz wrote:

>> I'm not sure I understand your statement of having "*less* to trust".
> 
> Sorry, poorly worded.
> 
> If I trust the CA that certifies a TSA, then aren't I (by default, and
> certainly by philosophy) trusting EVERY certificate that CA issues?
> Why should I have to?

You shouldn't have to, although this is the model that most public CAs seem
to push and/or encourage. As I mentioned, a possible solution is the use
of "anchor certificates".

Regards,
Aram Perez