David Conrad <david.conrad@nominum.com> writes: > On 6/12/02 8:20 AM, "Eric Rescorla" <ekr@rtfm.com> wrote: > >> But I can do > >> this only if I can discover certs that *aren't* either in the set it hands > >> me or in my local set, and TLS says nothing about how to do this. > > Yes, because it's an edge case. > > Scalability as an edge case. Hmm. Well, I see that you're as confused about what I said as Bob was. If you have a singly-rooted cert hierarchy, then you always can provide an explicit path to a known root. This scales extremely well. > > I think it's a little early to start > > worrying about cross-certification. > > I think it is more than a bit late. I guess we'll just have to differ here. -Ekr -- [Eric Rescorla ekr@rtfm.com] http://www.rtfm.com/