[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: system-wide crypto policies

* Daniel Pocock:

> Just out of interest, a CA can re-issue their root cert with the same
> key pair but a stronger hash.  This type of thing has happened before.

That's possible because the self-signature is not actually
meaningful. 8-)

It's different further down the tree, and some protocols (including
TLS) do not allow multiple certification chains.

Reply to: