From: Peter Gutmann [mailto:pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz]
Sent: Monday, October 27, 2003 5:32 PM
To: blake(_at_)brutesquadlabs(_dot_)com; jimsch(_at_)exmsft(_dot_)com;
Subject: RE: Request change in son-of-rfc2633
Given the recent debate over the use of keyIDs on the PKIX
S/MIME vAnything MUST NOT rely on the use of subjectKeyIdentifier in
My understanding of the discussion is that there could be multiple
certificates with the same SKI. Do we need to clarify our language to
warn that there might be multiple certificates that match a particular
SKI, and you should just try out each one until you find one that works?
We'll probably need to discuss the implications of this.
Apparently I was one of the deluded folks that believed that SKI was
meant to be globally unique.