public key distribution schemes

[Ajay <abra9823 () mail usyd edu au>]

hi!

i have an application where users download some XML files from a server.
Users also download RSA signatures for those files.
The users then load the file and corresponding signature into a component
of the application and it performs a RSA verify operation.

what i'd like to know is how to get the server's public key (to perform the
verify) to the user?

one solution that presents itself is to have a CA signed server certificate
which contains its public key. but then the question is how does the user
get the server certificate.

thanks

cheers

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.