playing with cryptography...

Mark H. Wood mwood at IUPUI.Edu
Sat May 3 02:42:53 CEST 2008


On Fri, May 02, 2008 at 05:55:17PM -0400, Bill Royds wrote:
> Basically a PKI-509 type signing is a tree of trust relationship, where the 
> root of the tree is a set of certificate issuers that your browser or email 
> program trusts whether you do or not. These then issue certificates to 

"whether you do or not" is not strictly correct, I think.  It sure
looks to me like I could delete some or all of the root certificates
that my browser came with, and then keys from certificates which chain
back to those removed roots would no longer be implicitly trusted.

I've never yet heard of anyone who *did* that, mind you, so in
practice the system seems to work as you say.  But I don't see why it
has to.

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.
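
Added example, not part of the original post: a toy Python model of certificate path validation, showing that the same chain passes or fails depending only on which roots the verifier's local store contains. It assumes textbook RSA over constructed keys and hypothetical names (`Example Root CA`, `www.example.test`) in place of real X.509, which checks far more (validity dates, constraints, revocation).

```python
import hashlib
from dataclasses import dataclass

def toy_key(p, q, e=65537):
    """Textbook RSA from two known primes; a constructed, insecure toy."""
    return (p * q, e, pow(e, -1, (p - 1) * (q - 1)))   # (n, e, d)

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    n: int        # subject's public modulus
    e: int        # subject's public exponent
    sig: int = 0  # issuer's signature over tbs()

    def tbs(self):
        return f"{self.subject}|{self.issuer}|{self.n}|{self.e}".encode()

def issue(subject, subject_key, issuer, issuer_key):
    cert = Cert(subject, issuer, subject_key[0], subject_key[1])
    n, _, d = issuer_key
    return Cert(subject, issuer, cert.n, cert.e, pow(digest(cert.tbs(), n), d, n))

def signed_by(cert, issuer_cert):
    n, e = issuer_cert.n, issuer_cert.e
    return pow(cert.sig, e, n) == digest(cert.tbs(), n)

def validate(leaf, presented, trust_store):
    """Follow issuer links; succeed only at an anchor in the LOCAL store."""
    pool = {c.subject: c for c in presented}
    cert, seen = leaf, set()
    while cert.subject not in seen:
        seen.add(cert.subject)
        anchor = trust_store.get(cert.issuer)
        if anchor is not None and signed_by(cert, anchor):
            return True
        parent = pool.get(cert.issuer)
        if parent is None or not signed_by(cert, parent):
            return False
        cert = parent
    return False  # reached a self-signed cert that is not locally trusted

# Constructed hierarchy (names are hypothetical), keys from Mersenne primes.
ROOT_KEY = toy_key(2**31 - 1, 2**61 - 1)
INTER_KEY = toy_key(2**89 - 1, 2**107 - 1)
ROOT = issue("Example Root CA", ROOT_KEY, "Example Root CA", ROOT_KEY)
INTER = issue("Example Issuing CA", INTER_KEY, "Example Root CA", ROOT_KEY)
LEAF = issue("www.example.test", toy_key(2**127 - 1, 2**521 - 1),
             "Example Issuing CA", INTER_KEY)
```

Calling `validate(LEAF, [INTER, ROOT], {ROOT.subject: ROOT})` succeeds, while the same call with an empty store fails even though the peer still presents the self-signed root.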


More information about the Gnupg-users mailing list