[cabfpub] BR Issue 7

Rob Stradling rob.stradling at comodo.com
Wed Nov 7 08:14:03 UTC 2012


On 06/11/12 19:20, Ryan Hurst wrote:
> There is even value in the root issued intermediates as there are often
> updated versions of roots published, inclusion of the pointer in root issued
> intermediates makes it possible for the most recent version of the
> certificate to always be discoverable.

That's true, Ryan, but I don't see why it's needed.

Making a more recent "version" of a Root Certificate discoverable does 
not mean that it magically becomes trusted by clients.  Clients will 
only trust the new "version" once it has been added to their Trusted 
Root Certificate list - an event which negates any need for discovery. 
(You can't add a Root Certificate to a trust list if you haven't 
discovered it yet!)

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online




More information about the Public mailing list