Hi All, A very quick question regarding Certificate path validation. RFC5280 mentions that path validation begins at the trust anchor and proceeds towards the end entity certificate. The public key from ith certificate is used in verifying the signature on i+1th certificate (verification also involves checking other parameters as well). This proceeds till end entity certificate is reached.
But I see some online references which mention that the validation procedure starts from the end entity certificate and proceeds towards the root CA. Heres one of them from mozilla. https://developer.mozilla.org/en/Introduction_to_Public-Key_Cryptography#How_CA_Certificates_Are_Used_to_Establish_Trust It mentions that that the issuer of the ith certificate is located and its public key used to verify the signature on ith certificate thereby the validation seems to proceed bottomup. Can someone clarify which of the two methods is correct? Thanks, Sandeep
