
Why should the trust anchor not be included in the PKIX certification path?

In the PKIX documentation it mentions:

  1. The certificate representing the TrustAnchor should not be included in the certification path

My question is, where does this restriction come from? In RFC 5280 I only found:

  2. A certificate MUST NOT appear more than once in a prospective certification path.

Does statement (2) in the RFC somehow imply statement (1)? Because I cannot see it.

What problem would be created by having the trust anchor in the path as well? In the end, the TA certificate can validate itself.

Could anyone please explain this?


It's more a definitional thing, IIUC. A valid certification path is defined in RFC 5280 and one condition is that its first certificate is signed by a trust anchor (and that the issuerName of the certificate matches that trust anchor's name). (Trust anchors need not be certificates.)
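
An added example, not part of the original question or answer: a reduced Go version of the chaining step described above, in which the trust anchor is only a name and a public key that seed validation, and the path begins at the first certificate issued under it. `TrustAnchor`, `Validate` and `Demo` are hypothetical names, the certificates are constructed at run time with Ed25519 keys, and only name chaining and signatures are checked.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

type TrustAnchor struct{ RawName []byte; Key ed25519.PublicKey } // assumed type: DER name + key, no certificate

// Validate checks name chaining and signatures only (no dates, constraints or revocation).
func Validate(ta TrustAnchor, path []*x509.Certificate) error {
	name, key := ta.RawName, ta.Key // working issuer starts at the anchor, not at path[0]
	for i, c := range path {
		if len(key) != ed25519.PublicKeySize || !bytes.Equal(c.RawIssuer, name) ||
			!ed25519.Verify(key, c.RawTBSCertificate, c.Signature) {
			return fmt.Errorf("cert %d was not issued by the current working issuer", i)
		}
		name = c.RawSubject
		key, _ = c.PublicKey.(ed25519.PublicKey)
	}
	return nil
}

// Demo builds a constructed anchor and a path issued under it; no root certificate is created.
func Demo(cns ...string) (ta TrustAnchor, path []*x509.Certificate) {
	issuer := pkix.Name{CommonName: "Example Root (constructed)"}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	raw, _ := asn1.Marshal(issuer.ToRDNSequence())
	for i, cn := range cns {
		subPub, subPriv, _ := ed25519.GenerateKey(rand.Reader)
		tmpl := &x509.Certificate{SerialNumber: big.NewInt(int64(i + 1)), Subject: pkix.Name{CommonName: cn},
			NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, &x509.Certificate{Subject: issuer}, subPub, priv)
		if err != nil {
			panic(err)
		}
		cert, _ := x509.ParseCertificate(der)
		path, issuer, priv = append(path, cert), cert.Subject, subPriv
	}
	return TrustAnchor{raw, pub}, path
}

func main() { fmt.Println(Validate(Demo("Example CA", "leaf.example"))) }
```

The two-certificate path validates although no certificate for the root ever exists; a path that does not start with a certificate issued under the anchor's name and key is rejected.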
