[AG-TECH] internal venue server
Robert Olson
olson at mcs.anl.gov
Tue Jun 22 09:14:35 CDT 2004
At 09:00 AM 6/22/2004, Jennifer Teig von Hoffman wrote:
>One question I have about all this: I'd been assuming that if your clients
>and server are all behind a firewall, that you'd need a CA of your own
>since the clients and servers couldn't communicate with a CA. But I'm
>starting to wonder if I'm mistaken. Is it enough to simply have the
>trusted CA certs, and the identity (or anonymous) certs?
Yup. This is one of the design points of the overall public key
infrastructure: one does not need access to a central database to verify
the veracity of identity certificates.

It's also one of the liabilities, as it makes certificate revocation more
difficult.
--bob
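
The point made in the reply above, as an added example that is not part of the original message or of the Access Grid software: an identity certificate is verified with nothing but the locally stored CA certificate, and a revocation only takes effect once a CRL has been delivered to the verifier. It assumes the `openssl` command line is installed; the CA, host name, file names and config are all constructed for the demo.

```shell
#!/bin/sh
# Added example: throwaway CA and server certificate; every name is constructed.
# Prints "offline/after-revoke/with-CRL", expected "OK/OK/REVOKED".
demo_offline_pki() (
  d=$(mktemp -d) && cd "$d" || exit 1
  trap 'rm -rf "$d"' EXIT
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = index.txt
default_md = sha256
default_crl_days = 7
EOF
  : > index.txt
  # 1. The site's own root CA, created once on a machine behind the firewall.
  openssl req -x509 -newkey rsa:2048 -nodes -config pki.cnf -extensions v3_ca \
    -subj "/CN=Demo Internal CA" -days 30 -keyout ca.key -out ca.pem 2>/dev/null
  # 2. A venue-server identity certificate signed by that CA.
  openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
    -subj "/CN=venue.example.internal" -keyout srv.key -out srv.csr 2>/dev/null
  openssl x509 -req -in srv.csr -CA ca.pem -CAkey ca.key -set_serial 2 \
    -days 30 -out srv.pem 2>/dev/null
  # 3. Offline verification: the client needs only ca.pem and the presented cert.
  openssl verify -CAfile ca.pem srv.pem >/dev/null 2>&1 && offline=OK || offline=FAIL
  # 4. Revoke the certificate at the CA and publish a CRL.
  openssl ca -config pki.cnf -cert ca.pem -keyfile ca.key -revoke srv.pem 2>/dev/null
  openssl ca -config pki.cnf -cert ca.pem -keyfile ca.key -gencrl -out ca.crl 2>/dev/null
  # 5. A client without the CRL still accepts the revoked certificate ...
  openssl verify -CAfile ca.pem srv.pem >/dev/null 2>&1 && still=OK || still=FAIL
  # 6. ... and rejects it only when given the CRL and told to check it.
  openssl verify -crl_check -CAfile ca.pem -CRLfile ca.crl srv.pem >/dev/null 2>&1 \
    && crl=VALID || crl=REVOKED
  echo "$offline/$still/$crl"
)
```

Steps 5 and 6 are the liability in practice: behind a firewall, the CRL has to be copied to every client on a schedule, or revoked certificates keep verifying.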