ietf-smime

Re: Finding and retrieving applicable Attribute Certificate(s)

1998-05-06 12:03:49
From: Francois Rousseau <f(_dot_)rousseau(_at_)adga(_dot_)ca>

This implies that the signedInfo issuerAndSerialNumber field can NOT uniquely
identify both the public key certificate and the AC for each originator.


Either I am completely confused about the point you are trying to make,
or you are confused about the difference between an attribute authority
and the subject of an attribute certificate.

To clarify:

 * a public key certificate is issued and signed by a CA.

 * one or more attribute certificates are issued and signed by one or
   more AAs, which in general are different from the CA.

 * each AC refers to one or more base public key certificates
   (the "subject") which, as you point out, can be referred to using
   either a baseCertificateID or a subjectName.

 * the CMS SignerInfo issuerAndSerialNumber field refers to one public
   key certificate.


Therefore, since the issuerAndSerialNumber field refers to one public key
certificate, and all ACs have a subject (public key certificate),
then the issuerAndSerialNumber field uniquely determines both the
signer and all ACs which apply to the signer.
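
The lookup described in the message above, as an added example that is not part of the original message or of any S/MIME implementation: issuerAndSerialNumber selects exactly one public key certificate, and the applicable ACs are those whose subject points at that certificate by baseCertificateID or by subjectName. The classes, function names and sample data are hypothetical, and certificates are modelled as plain records rather than parsed ASN.1.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

IssuerSerial = Tuple[str, int]  # (issuer DN, certificate serial number)

@dataclass(frozen=True)
class PublicKeyCert:
    issuer: str   # DN of the CA that signed the certificate
    serial: int
    subject: str

@dataclass(frozen=True)
class AttributeCert:
    aa: str       # DN of the attribute authority that signed the AC
    attribute: str
    # The AC's subject is given in one of two forms:
    base_certificate_id: Optional[IssuerSerial] = None
    subject_name: Optional[str] = None

def find_signer_cert(pkcs, issuer_and_serial):
    """Resolve issuerAndSerialNumber to exactly one public key certificate."""
    hits = [c for c in pkcs if (c.issuer, c.serial) == issuer_and_serial]
    if len(hits) != 1:
        raise LookupError(
            f"expected 1 certificate for {issuer_and_serial}, found {len(hits)}")
    return hits[0]

def applicable_acs(pkcs, acs, issuer_and_serial):
    """Return the signer's certificate and every AC whose subject is it."""
    cert = find_signer_cert(pkcs, issuer_and_serial)
    return cert, [ac for ac in acs
                  if ac.base_certificate_id == (cert.issuer, cert.serial)
                  or ac.subject_name == cert.subject]

# Constructed sample data: two CAs that both happen to use serial 7,
# so the serial number alone would not identify the signer.
PKCS = [
    PublicKeyCert("CN=CA One", 7, "CN=Alice"),
    PublicKeyCert("CN=CA Two", 7, "CN=Bob"),
]
ACS = [
    AttributeCert("CN=AA Clearance", "clearance=secret",
                  base_certificate_id=("CN=CA One", 7)),
    AttributeCert("CN=AA Roles", "role=approver", subject_name="CN=Alice"),
    AttributeCert("CN=AA Roles", "role=auditor", subject_name="CN=Bob"),
]

if __name__ == "__main__":
    cert, found = applicable_acs(PKCS, ACS, ("CN=CA One", 7))
    print(cert.subject, [ac.attribute for ac in found])
```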