gnutls-devel

Re: Support for trusted_ca_keys extension during TLS handshake


From: Martin Paljak
Subject: Re: Support for trusted_ca_keys extension during TLS handshake
Date: Wed, 31 Oct 2012 17:06:43 +0200

On Wed, Oct 31, 2012 at 2:22 PM, David Fuhrmann
<address@hidden> wrote:
> I have the situation that an embedded system only has a limited and static
> set of CA certificates installed (at production time). For these CA
> certificates, it is intended that you can have newer ones with an
> overlapping validity period. So, the server needs to know which TLS
> certificate he needs to deliver so that the embedded system can verify it
> with the existing CA certificate.

Does this mean that you would have two overlapping CA
keys/certificates, with the same name but different validity periods?

This sounds like a strange setup to me. Why can't the client system
differentiate the (updated) issuer itself, by changing the common name
of the new root?

Martin


