ietf-smime

Re: Certificate Distribution Specification comments.

1998-06-05 17:12:06
I've just had another thought:

"3.4  Signing Certificate

  The SMimeCertificatePublish object MUST be signed by a
  signing certificate associated with the end-entity, or a
  signing certificate of a CA in the validation path of the
  encryption certificate."

I believe one requirement is that if the keyUsage extension is present
in the signing certificate then the digitalSignature bit must be set.

In the case of a CA certificate this may well not be the case and indeed
several CAs currently do not set the digitalSignature bit. 

Perhaps the easiest solution is not to enforce this criterion for the
purpose of a CA-signed SMIMECertificatePublish object.

Steve.
-- 
Dr Stephen N. Henson.
UK based freelance Cryptographic Consultant. For info see homepage.
Homepage: http://www.drh-consultancy.demon.co.uk/
Email: shenson(_at_)bigfoot(_dot_)com
PGP key: via homepage.
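
The check discussed in the message above, as an added example that is not part of the original post: it decodes a DER-encoded keyUsage BIT STRING and applies the digitalSignature rule, with the suggested relaxation for CA signers as a switch. The function names, the `relax_for_ca` parameter and the sample encodings are assumptions constructed for illustration.

```python
# Added illustration: names and sample encodings are constructed, not from the draft.
DIGITAL_SIGNATURE, KEY_CERT_SIGN, CRL_SIGN = 0, 5, 6  # X.509 KeyUsage bit numbers

def parse_key_usage(der: bytes) -> set:
    """Decode a DER KeyUsage BIT STRING into the set of asserted bit numbers."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unsupported or inconsistent length")
    unused, payload = der[2], der[3:]
    if unused > 7 or (not payload and unused):
        raise ValueError("bad unused-bits count")
    if payload and payload[-1] & ((1 << unused) - 1):
        raise ValueError("unused bits must be zero in DER")
    total_bits = len(payload) * 8 - unused
    # Bit 0 is the most significant bit of the first payload octet.
    return {i for i in range(total_bits)
            if payload[i // 8] & (0x80 >> (i % 8))}

def signer_acceptable(key_usage_der, signer_is_path_ca, relax_for_ca=True):
    """Decide whether a certificate may sign the publish object.

    key_usage_der is None when the certificate has no keyUsage extension.
    signer_is_path_ca is True when the signer is a CA in the validation
    path of the encryption certificate (assumed to be established elsewhere).
    """
    if key_usage_der is None:
        return True  # the requirement applies only when the extension is present
    if DIGITAL_SIGNATURE in parse_key_usage(key_usage_der):
        return True
    # Suggestion from the message: do not enforce the bit for a CA signer.
    return relax_for_ca and signer_is_path_ca

# Constructed sample keyUsage values (DER BIT STRINGs).
EE_SIGNING = bytes.fromhex("03020780")  # digitalSignature only
CA_ONLY = bytes.fromhex("03020106")     # keyCertSign + cRLSign, no digitalSignature

if __name__ == "__main__":
    for name, ku, is_ca in [("end-entity", EE_SIGNING, False),
                            ("CA, relaxed", CA_ONLY, True),
                            ("no extension", None, False)]:
        print(name, signer_acceptable(ku, is_ca))
    print("CA, strict", signer_acceptable(CA_ONLY, True, relax_for_ca=False))
```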

