Hey, Since you mentioned TLS/SSL: I can't seem to find an answer to this questio... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

euroclydon on June 3, 2011 | parent | context | favorite | on: Insecurity in the Jungle (disk)

Hey, Since you mentioned TLS/SSL: I can't seem to find an answer to this question: Does my browser or system, need to contact the CA each time it encounters a new SSL Cert, or is having the root certificate enough?

tptacek on June 3, 2011 [–]

Your browser does not need to contact a CA to verify the signature in an SSL certificate, but may in some cases want to contact the CA to check for revocation.

Consider applying for YC's W25 batch! Applications are open till Nov 12.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact