[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Trust Anchors

To: heimdal-discuss@sics.se, Thomas Harning Jr <thomas.harning@trustbearer.com>
Subject: Re: Trust Anchors
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Tue, 26 Feb 2008 17:37:37 +0100
In-Reply-To: <47C42DFC.1040302@trustbearer.com>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <47C42DFC.1040302@trustbearer.com>
Reply-To: heimdal-discuss@sics.se, Love Hörnquist Åstrand <lha@kth.se>

26 feb 2008 kl. 16.19 skrev Thomas Harning Jr:

> Quick Question:
> If a domain controller's certificate is issued by one of the 'Trust  
> Anchors', will it validate successfully,
> or do you have to add the actual DC cert into a trust anchor store  
> in order for it to work?

If its send back in the PK-INIT reply, it doesn't need to be in the  
store in the client. The client only need to be able to build a path  
to any of the trust anchors that it have configured.

Love

References:
- Trust Anchors
  - From: Thomas Harning Jr <thomas.harning@trustbearer.com>

Prev by Date: Trust Anchors
Next by Date: =?iso-8859-8-i?B?5+zu+u0g5+zl7S4uIC737On06e0g7uPk6e7p7SD57CD0+vjl7yDn7OXu5fo=?=
Prev by thread: Trust Anchors
Next by thread: =?iso-8859-8-i?B?5+zu+u0g5+zl7S4uIC737On06e0g7uPk6e7p7SD57CD0+vjl7yDn7OXu5fo=?=
Index(es):
- Date
- Thread