Re: PKI Trust chain

From: Splatter (me_at_me.net)
Date: 08/05/03


Date: Tue, 5 Aug 2003 13:06:02 -0400


"Gregf" <dontspame@nospam.com> wrote in message
news:eYQXa.25755$vx3.7156522@kent.svc.tds.net...
> I am interested in implementing Win 2K certificate services. If I have
> Verisign (or similar) issue the root certificate for the root server, does
> that give me any avantage in verifying trust when communicating with
> external users? Or does it become irrelevant since we still have to
> exchange public keys?

Please elaborate, I'm not sure as opposed to what? I will guess and assume
you meant over a home rolled CA?
 Getting your CA root cert from Verisign has an advantage over a self signed
root certificate because verisign ships as trusted in most OS, and browser
cert lists. If you use a home rolled root cert, users will have to install
your root certificate as a trusted party adding a step your users will have
to perform before they can use your service. If this is for a small number
of users, or a company intranet then obviously there is less of an impact,
but for a large sight with users outside the companies office, there would
be setup issues you would have to deal with.
Hope that was what you where asking
DP



Relevant Pages

  • PKI Trust chain
    ... I am interested in implementing Win 2K certificate services. ... Verisign issue the root certificate for the root server, ...
    (comp.security.misc)
  • Re: PGP and S/MIME
    ... distribute the VeriSign root certificate with their software. ... VeriSign didn't get their root certificate distributed with the major ... > five-line jobs that PGP produces. ... aren't you comparing apples and pears? ...
    (sci.crypt)
  • Re: SSL renew question
    ... check to see if your user's devices have GoDaddy's root certificate in their trusted store. ... "Michael Dragone" wrote: ... I went from VeriSign to Digicert ... > SSL change? ...
    (microsoft.public.exchange.admin)
  • Re: Verifying signed JARs in Java is crap!
    ... (Signed with a root certificate from thawte ... or verisign) ... the root cert will live in cacerts: ...
    (comp.lang.java.security)