Quanah Gibson-Mount wrote: > --On Monday, November 04, 2013 8:54 AM +0100 Ulrich Windl > <Ulrich.Windl@rz.uni-regensburg.de> wrote: > >> Sorry, but if you insist on that, you didn't understand the concept: Any >> certificate signed (transitively) by a root CA is valid. There are no >> distinctions between more or less valid certificates; they are either >> valid or invalid. Even if you talk about a single CA, what do you mean? A >> name of a CA, or one specific certificate of a CA? Over time one CA may >> have more than one certificate. > > > Sorry, you are wrong. I suggest you think about this for a while until you > realize why blindly trusting any cert issues by any CA is not a good idea. => Cert pinning when validating client certs in the server also makes sense. Ciao, Michael.
Description: S/MIME Cryptographic Signature