[Top] [All Lists]

Re: Reducing signature sizes.

1998-04-08 09:19:57
From: Dr Stephen Henson <shenson(_at_)bigfoot(_dot_)com>

In the minimal case the user's certificate will not be provided. Also
since some of the CA's include the large disclaimers in the user
certificate this wont always help.

I agree with Steve.  The issuer name and serial number contained in
SignerInfo is sufficient to retrieve the user's certificate from
a repository.  If there were a global repository nothing more would
be needed.  However, there isn't.

It would be useful to define an S/MIME "subjectCertRepository"
attribute: a URI with syntax IA5String (as used in GeneralName).
This attribute, along with issuer/serial and a suitable amount of
handwaving would allow the user's cert to be retrieved using
LDAP, ftp, http, etc.

<Prev in Thread] Current Thread [Next in Thread>