[Top] [All Lists]

Re: WG Charter

1997-01-24 04:11:23
In a message dated 97-01-23 19:10:28 EST, 
(David Chadwick) writes:

<< This is odd. The X.509 spec uses SEQUENCE for its forward and reverse 
 certification paths, so why are we using SET ? This places 
 unnecessary burden on the receiver to sort out the jumble.
 If we are going to go for a SEQUENCE (or SET OF SEQUENCES which 
 solves the multiple key problem), two alternative schemes are 
 possible. Start with the trusted root (or roots), and if the receiver 
 does not know any of them, he can pack up there and then. 
 Alternatively, start with the senders certificate, and work down the 
 chain from there till you come to a certificate you trust (which 
 might be before a trusted root, so it can be more efficient)
 But if it is a bag of certificates, as proposed, then the receiver 
 has to sort them before he can start.

 I agree with you. Actually, the same thing is true for 

   1. SET OF Recipients
   2. SET OF Signers
   3. SET OF CRLs

 in SignedData , EnvelopedData and SignedAndEnveloped Data cases.

I fail to see any reason why they can not be SEQUENCE OF instead?
If someone has any valid reason I would request him to present that.



<Prev in Thread] Current Thread [Next in Thread>