In a message dated 97-01-23 19:10:28 EST,
(David Chadwick) writes:
<< This is odd. The X.509 spec uses SEQUENCE for its forward and reverse
certification paths, so why are we using SET ? This places
unnecessary burden on the receiver to sort out the jumble.
If we are going to go for a SEQUENCE (or SET OF SEQUENCES which
solves the multiple key problem), two alternative schemes are
possible. Start with the trusted root (or roots), and if the receiver
does not know any of them, he can pack up there and then.
Alternatively, start with the senders certificate, and work down the
chain from there till you come to a certificate you trust (which
might be before a trusted root, so it can be more efficient)
But if it is a bag of certificates, as proposed, then the receiver
has to sort them before he can start.
I agree with you. Actually, the same thing is true for
1. SET OF Recipients
2. SET OF Signers
3. SET OF CRLs
in SignedData , EnvelopedData and SignedAndEnveloped Data cases.
I fail to see any reason why they can not be SEQUENCE OF instead?
If someone has any valid reason I would request him to present that.