Eddy Nigg wrote: >> Actually, I haven't seen evidence of that, although you did claim that when >> you imported the PKCS#12 file into the software token, that the missing CA >> cert was then found present.
>It's not a good idea to place the CA certificate on the token because >the trust bits may get confused. It's better to import the CA root into >the software store. I think it is Firefox that's confusing. I'm glad that the payment networks got it right: You don't have to install any intermediate CA certificates in the POS terminal in in order to perform a payment with an EMV token. I don't know what Firefox 3.5 does, but in MSIE you can authenticate with an EE certificate, the path is built automatically using AIA CA issuers and you don't have to trust the EE certificate either, that is for the RP to cater for. Analogy: I can't verify that my VISA card is correct, it just looks ok. Anders -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
