[cabfpub] BR Issue 7
Rob Stradling
rob.stradling at comodo.com
Wed Nov 7 08:14:03 UTC 2012
On 06/11/12 19:20, Ryan Hurst wrote:
> There is even value in the root issued intermediates as there are often
> updated versions of roots published, inclusion of the pointer in root issued
> intermediates makes it possible for the most recent version of the
> certificate to always be discoverable.
That's true, Ryan, but I don't see why it's needed.
Making a more recent "version" of a Root Certificate discoverable does
not mean that it magically becomes trusted by clients. Clients will
only trust the new "version" once it has been added to their Trusted
Root Certificate list - an event which negates any need for discovery.
(You can't add a Root Certificate to a trust list if you haven't
discovered it yet!)
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
More information about the Public
mailing list