Posted by Bruce Stephens on June 8, 2007, 3:20 pm
[...]
> Does the client connect with the CA for this verification and if so,
> what protocol defines how this communication takes place? Is there
> an RFC that defines this?
>
> Or does the client have a bunch of built in public keys for well
> known CAs?

Yes, the latter. You need a set of trust anchors---<public key,name>
pairs that you trust. That's something you can't really get safely
over a protocol, as you indicate. So it's assumed to be local.

Probably the easiest place to look is RFC 3280. Section 6 describes
certificate path validation.
[...]
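
The reply's point, that trust anchors are a local set and validation needs no contact with the CA, shown as an added example that is not part of the original post. It assumes the `openssl` command-line tool, version 1.1.0 or later; the CA names, `server.example`, and the function names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: every key, name and certificate here is generated locally.

# make_demo_pki DIR: build a root CA, an unrelated CA, and a server
# certificate issued by the root. Nothing leaves the machine.
make_demo_pki() {
    local dir=$1
    # Self-signed root: the <public key, name> pair the client will trust.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null || return 1
    # A second self-signed CA that did not issue the server certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
        -keyout "$dir/other.key" -out "$dir/other.pem" 2>/dev/null || return 1
    # Server key and CSR, then a certificate signed with the root's key.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -days 1 \
        -CA "$dir/root.pem" -CAkey "$dir/root.key" -CAcreateserial \
        -out "$dir/server.pem" 2>/dev/null || return 1
}

# validate_with_anchor ANCHOR CERT: path validation with ANCHOR as the only
# trust anchor (-no-CApath keeps the system store out of the decision).
# Returns 0 only if CERT chains to ANCHOR.
validate_with_anchor() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_anchor DIR NAME: report the outcome for one candidate trust anchor.
check_anchor() {
    if validate_with_anchor "$1/$2.pem" "$1/server.pem"; then
        echo "anchor=$2: server.pem validates"
    else
        echo "anchor=$2: server.pem rejected"
    fi
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" && {
    check_anchor "$demo_dir" root
    check_anchor "$demo_dir" other
}
```

The same server certificate is accepted or rejected purely according to which anchor file the verifier was handed; the CA's private key is used only at issuance, never at validation time.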