SSL Certificates

John Levine johnl at iecc.com
Thu Feb 16 16:29:03 UTC 2012


In article <20120216162108.GA11808 at ussenterprise.ufp.org> you write:
>-=-=-=-=-=-
>
>In a message written on Thu, Feb 16, 2012 at 12:57:25AM -0600, Jimmy Hess wrote:
>> There is a risk that any CA issued SSL certificate signed by _any_ CA
>> may be worthless some time in the future, if the CA chosen is later
>> found to have issued  sufficient quantities fraudulent certificates,
>> and sufficiently failed in their duties.
>
>One thing I'm not clear about is, are there any protocol or
>implementation limitations that require only one CA?

I've had the same cert signed by multiple CAs, although rarely at the
same time.  Never tried to present both versions in the same session,
though.

R's,
John




More information about the NANOG mailing list