2
  • First answer, which points out an advantage for including the root certificate... – I’m not advocating it, because it means the root is “downloaded” on each handshake. But it also enables the user to extract and install the root certificate from the chain (which, without comparing fingerprints, is not enhancing security very much). Commented Mar 21, 2017 at 11:14
  • 1
    I'd go as far as saying that this would be detrimental to security. In the worst case, the application at the other side decides to accept the chain without trust, or doesn't trust the chain because an identical but different root is used than the one in the trust store (although I must admit that this would be extremely stupid programming, but yeah, I've seen a lot of that). Commented Nov 12, 2020 at 13:16