Comment by 🚬 sy
I thought *that* was what you meant by saying ‘tree’. You can have separate CA trees if that’s not what you want. Or if you want the ability to reveal the connection later, you would not publish the real root certificate and use the certificates issued by it as if they were separate roots.
Apr 02 · 5 weeks ago
Original Post
Tree identity — So I had a random idea, and hopefully, someone more knowledgeable in the internals of x509 and related technologies can chime in. When, say, Lagrange encounters a page requesting a client certificate, it offers you an option to generate a certificate explicitly for this particular server. The certificate remains entirely disconnected from any other certificate you might be using. Which is both a good thing, as it ensures privacy, and a not-so-good thing, as it prevents you,...