David Conrad <david(_dot_)conrad(_at_)nominum(_dot_)com> writes:
On 6/12/02 8:20 AM, "Eric Rescorla" <ekr(_at_)rtfm(_dot_)com> wrote:
But I can do
this only if I can discover certs that *aren't* either in the set it hands
me or in my local set, and TLS says nothing about how to do this.
Yes, because it's an edge case.
Scalability as an edge case. Hmm.
Well, I see that you're as confused about what I said as Bob was.
If you have a singly-rooted cert hierarchy, then you always can
provide an explicit path to a known root. This scales extremely
well.
I think it's a little early to start
worrying about cross-certification.
I think it is more than a bit late.
I guess we'll just have to differ here.
-Ekr
--
[Eric Rescorla ekr(_at_)rtfm(_dot_)com]
http://www.rtfm.com/