Certification path validation algorithm: Difference between revisions

Rescuing 1 sources and tagging 0 as dead. #IABot (v1.2.7.1)
PrimeBOT (talk | contribs)
m convert deprecated magic links to template usage, update CS1 params in templates - BRFA
Line 3:
Path validation is necessary for a [[relying party]] to make an informed trust decision when presented with any certificate that is not already explicitly trusted. For example, in a hierarchical PKI, a certificate chain starting with a web server certificate might lead to a small CA, then to an intermediate CA, then to a large CA whose trust anchor is present in the relying party's web browser. In a bridged PKI, a certificate chain starting with a user at Company A might lead to Company A's CA certificate, then to a bridge CA, then to Company B's CA certificate, then to Company B's trust anchor, which a relying party at Company B could trust.
 
{{IETF RFC|5280}}<ref>{{IETF RFC|5280}} (May 2008), chapter 6, a standardized path validation algorithm for [[X.509]] certificates.</ref> defines a standardized path validation algorithm for [[X.509]] certificates, given a certificate path. (Path discovery, the actual construction of a path, is not covered.) The algorithm takes the following inputs:
* The certificate path to be evaluated;
* The current date/time;
Line 28:
 
== Implementations ==
* [https://web.archive.org/web/20091025134124/http://www.carillon.ca:80/tools/pathfinder.php Pathfinder] is an open-source implementation of the algorithm in {{IETF RFC|5280}}.
 
== See also ==