Hi Gerv, Gervase Markham wrote: > Eddy Nigg (StartCom Ltd.) wrote: > >> Or I could simply push the "Backup" button of the certificate viewer? >> Except that in this very specific case, the copyright of the different >> CA certificates are perhaps that of the CAs themselves. However >> distribution of the CA root is many times part of the CP/CPS of the >> various CAs and most of the time encouraged (The relying party should be >> able to verify the signer and CRLs etc)? >> > > I'm afraid I don't understand this question, if it is a question. > It's not a question, it's a statement ;-)
The obligations of the relying parties are often defined in the CP/CPS, which requires the RP to perform various actions, like checking the validity of the certificates, its status (CRL) etc. The RP must have the CA root to perform these actions...therefore I assume that publishing and usage of CA roots are not only a privilege but a requirement. > > Actually, apparently I was wrong about that. certdata.txt is compiled. I know, but an extraction of the certificates from that file and loading the result of this extractions at run time makes a difference I think. -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security