At 11:06 PM 1/23/97 +0000, David Chadwick wrote:
It also seems
likely that people are going to want to push other certificates
than the
ones that are required to validate the signature or signing
certificate
trust (in the case of a dual key model where the signing and
enveloping
certificates are separate, you may want to push both the signing
and
enveloping certificates and their respective chains).
This is an arguement for a SET OF SEQUENCES in my opinion
Use of a SET OF SEQUENCES disturbs me greatly, while I don't have an
opinion on the difference between a SET or a SEQUENCE I really don't
care for the SET OF SEQUENCES.
Microsoft Exchange uses two certificates in general, one for key
exchange and one for signature. If a SET OF SEQUENCES were to be used
would I need to duplicate the chain of certificates potentially multiple
times, one for every different leaf that I send, or are clients going to
have to be able to jump around between the different sequences. This
seems to me to be a much greater hit than just shipping a single bag of
certificates and letting clients do the searching within that single
bag.
jim schaad
Microsoft Exchange