In the terminology of ASN.1 and PKIX, I want a standardized PKIX extension that allows for a SEQUENCE OF Certificate within the tbsCertificate structure.
I'm trying to figure out how I'm supposed to extract all the certificates from my database without any version of keytool that I can find available for OSX 10.5 (Leopard). -Kyle H On Wed, Dec 24, 2008 at 9:55 AM, Paul Hoffman <phoff...@proper.com> wrote: > At 9:14 AM -0800 12/24/08, Kyle Hamilton wrote: >>I'd like to see an extension that allows other certificates (for the >>same public key) to be included in a certificate (self-signed or not). > > Are you asking for a Mozilla extension or a PKIX extension? If the latter, > none is needed: it is already inherent in PKIX. In fact, I am not sure that > anything needs to be done by Mozilla. The following should theoretically work: > > - Remove all trust anchors one-by-one > - Add your single trust anchor > - Sign the certs of any CA you want > - Add those signed certs to the pre-loaded validation path (not root) cert > list > > I haven't tried this myself, but it should work. I have been told that > something very similar to it works fine in XP/Vista for IE. > > --Paul Hoffman > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
