"Blake Ramsdell" <blake(_at_)brutesquadlabs(_dot_)com> writes:

> Apparently I was one of the deluded folks that believed that SKI was meant to
> be globally unique.

As was almost everyone else. The problem is that there are two incompatible
interpretations of the sKID:

1. Alternative chaining mechanism if chaining by DN fails, e.g. with cert
   reparenting or some types of spaghetti PKIs.
2. Disambiguating factor if chaining by DN leads to multiple issuers, e.g.
   with other types of spaghetti PKIs.

The problem is that taking one or the other view changes a simple "You've used
the wrong cert" (or "Cert to verify this isn't available") to "An attacker is
modifying your messages!", which will cause very different reactions in users.
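
The two readings of the sKID listed in the message above, as an added example that is not part of the original message: a toy certificate store is run through both issuer-selection rules to show where they return different candidates. The `Cert` class, the function names, and every DN and key identifier are constructed for illustration; no real certificate parsing is done.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Cert:
    """Toy stand-in for a certificate (assumption: only the chaining fields)."""
    name: str                     # label used in this example only
    subject: str                  # subject DN
    issuer: str                   # issuer DN
    skid: Optional[bytes] = None  # subjectKeyIdentifier
    akid: Optional[bytes] = None  # authorityKeyIdentifier (keyIdentifier form)

def by_dn(child: Cert, store: List[Cert]) -> List[Cert]:
    return [c for c in store if c.subject == child.issuer]

def alt_chaining(child: Cert, store: List[Cert]) -> List[str]:
    """Reading 1: the key identifier is a fallback used only when DN chaining fails."""
    found = by_dn(child, store)
    if not found and child.akid is not None:
        found = [c for c in store if c.skid == child.akid]
    return [c.name for c in found]

def disambiguate(child: Cert, store: List[Cert]) -> List[str]:
    """Reading 2: the key identifier only narrows several DN matches."""
    found = by_dn(child, store)
    if len(found) > 1 and child.akid is not None:
        found = [c for c in found if c.skid == child.akid]
    return [c.name for c in found]

# Constructed store: a rekeyed CA (same DN, two keys), a renamed CA, and an
# unrelated CA whose key identifier happens to equal ca_new's.
STORE = [
    Cert("ca_old", "CN=Example CA", "CN=Root", skid=b"\x01"),
    Cert("ca_new", "CN=Example CA", "CN=Root", skid=b"\x02"),
    Cert("ca_renamed", "CN=Example CA G2", "CN=Root", skid=b"\x03"),
    Cert("unrelated", "CN=Other CA", "CN=Other Root", skid=b"\x02"),
]
LEAVES = {
    "rekeyed": Cert("leaf1", "CN=alice", "CN=Example CA", akid=b"\x02"),
    "reparented": Cert("leaf2", "CN=bob", "CN=Former CA", akid=b"\x03"),
    "collision": Cert("leaf3", "CN=carol", "CN=Gone CA", akid=b"\x02"),
}

if __name__ == "__main__":
    for case, leaf in LEAVES.items():
        print(f"{case:11} reading 1 -> {alt_chaining(leaf, STORE)}  "
              f"reading 2 -> {disambiguate(leaf, STORE)}")
```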