[Top] [All Lists]

RE: Certificates Field in Signed Data

1997-02-03 16:47:33
At 11:06 PM 1/23/97 +0000, David Chadwick wrote: 

It also seems
likely that people are going to want to push other certificates
than the 
ones that are required to validate the signature or signing
trust (in the case of a dual key model where the signing and
certificates are separate, you may want to push both the signing
enveloping certificates and their respective chains). 

This is an arguement for a SET OF SEQUENCES in my opinion

Use of a SET OF SEQUENCES disturbs me greatly, while I don't have an
opinion on the difference between a SET or a SEQUENCE I really don't
care for the SET OF SEQUENCES.

Microsoft Exchange uses two certificates in general, one for key
exchange and one for signature.  If a SET OF SEQUENCES were to be used
would I need to duplicate the chain of certificates potentially multiple
times, one for every different leaf that I send, or are clients going to
have to be able to jump around between the different sequences.  This
seems to me to be a much greater hit than just shipping a single bag of
certificates and letting clients do the searching within that single

jim schaad
Microsoft Exchange

<Prev in Thread] Current Thread [Next in Thread>