Timeline for SSL root certificate optional?
Current License: CC BY-SA 3.0
3 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Nov 12, 2020 at 13:16 | comment | added | Maarten Bodewes | I'd go as far as saying that this would be detrimental to security. In the worst case, the application at the other side decides to accept the chain without trust, or doesn't trust the chain because an identical but different root is used than the one in the trust store (although I must admit that this would be extremely stupid programming, but yeah, I've seen a lot of that) | |
| Mar 21, 2017 at 11:14 | comment | added | Robert Siemer | First answer, which points out an advantage for including the root certificate... – I’m not advocating it, because it means the root is “downloaded” on each handshake. But it also enables the user to extract and install the root certificate from the chain (which, without comparing fingerprints, is not enhancing security very much). | |
| Aug 13, 2014 at 20:15 | history | answered | jjanes | CC BY-SA 3.0 |