Re: PKI Trust chain
From: Splatter (me_at_me.net)
Date: Tue, 5 Aug 2003 13:06:02 -0400
"Gregf" <firstname.lastname@example.org> wrote in message
> I am interested in implementing Win 2K certificate services. If I have
> Verisign (or similar) issue the root certificate for the root server, does
> that give me any avantage in verifying trust when communicating with
> external users? Or does it become irrelevant since we still have to
> exchange public keys?
Please elaborate, I'm not sure as opposed to what? I will guess and assume
you meant over a home rolled CA?
Getting your CA root cert from Verisign has an advantage over a self signed
root certificate because verisign ships as trusted in most OS, and browser
cert lists. If you use a home rolled root cert, users will have to install
your root certificate as a trusted party adding a step your users will have
to perform before they can use your service. If this is for a small number
of users, or a company intranet then obviously there is less of an impact,
but for a large sight with users outside the companies office, there would
be setup issues you would have to deal with.
Hope that was what you where asking