> If you steal a proxy you only have the private key for the final
> cert in the chain, so you have to present the whole chain to prove
> your right to the DN. The ACs are embedded in the cert so you can't
> remove (or alter) them without invalidating the proxy.
Thanks for the explanation - then this is indeed the possible way of dealing
with this problem...
Regards, Antun
>
> Stephen
------- End of Original Message -------
|