Revision as of 01:52, 14 February 2013 edit Addbot (talk \| contribs) Bots 2,838,809 edits m Bot: Removing {{Stub}} (Report Errors) ← Previous edit		Revision as of 15:29, 22 January 2014 edit undo Mpeylo (talk \| contribs) 173 edits m RFC 3280 was updated by 5280 Next edit →
Line 3: Path validation is necessary for a relying party to make an informed trust decision when presented with any certificate that is not already explicitly trusted. For example, in a hierarchical PKI, a certificate chain starting with a web server certificate might lead to a small CA, then to an intermediate CA, then to a large CA whose trust anchor is present in the relying party's web browser. In a bridged PKI, a certificate chain starting with a user at Company A might lead to Company A's CA certificate, then to a bridge CA, then to company B's CA certificate, then to company B's trust anchor, which a relying party at company B could trust. RFC ~~3280~~5280 <ref>RFC ~~3280~~5280 (~~2002~~May 2008), chapter 6., a standardized path validation algorithm for [[X.509]] certificates.</ref> defines a standardized path validation algorithm for [[X.509]] certificates, given a certificate path. (Path discovery, the actual construction of a path, is not covered.) The algorithm takes the following inputs: * The certificate path to be evaluated; * The current date/time; Line 28: == Implementations == * [http://www.carillon.ca/tools/pathfinder.php Pathfinder] is an open-source implementation of the algorithm in RFC ~~3280~~5280. == See also ==

Certification path validation algorithm: Difference between revisions