[Top] [All Lists]

RE: Request change in son-of-rfc2633

2003-10-27 18:55:26

-----Original Message-----
From: Peter Gutmann [mailto:pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz] 
Sent: Monday, October 27, 2003 5:32 PM
To: blake(_at_)brutesquadlabs(_dot_)com; jimsch(_at_)exmsft(_dot_)com; 
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: RE: Request change in son-of-rfc2633

Given the recent debate over the use of keyIDs on the PKIX 
list, shouldn't
this be:

  S/MIME vAnything MUST NOT rely on the use of subjectKeyIdentifier in

My understanding of the discussion is that there could be multiple
certificates with the same SKI.  Do we need to clarify our language to
warn that there might be multiple certificates that match a particular
SKI, and you should just try out each one until you find one that works?
We'll probably need to discuss the implications of this.

Apparently I was one of the deluded folks that believed that SKI was
meant to be globally unique.