[Top] [All Lists]

RE: Request change in son-of-rfc2633

2003-10-27 19:25:39

-----Original Message-----
From: Peter Gutmann [mailto:pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz] 
Sent: Monday, October 27, 2003 6:12 PM
To: blake(_at_)brutesquadlabs(_dot_)com; jimsch(_at_)exmsft(_dot_)com; 
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: RE: Request change in son-of-rfc2633

The problem is that taking one or the other view changes a 
simple "You've used
the wrong cert" (or "Cert to verify this isn't available") to 
"An attacker is
modifying your messages!", which will cause very different 
reactions in users.

Yeah, I'm with you, so the "discuss the implications of this" that I
mentioned would need to cover behavior when presented with multiple
certificates with the same SKI.

Something like:

"When looking up certificates using the subjectKeyIdentifier field,
S/MIME agents MUST be prepared to handle multiple certificates that have
the same subjectKeyIdentifier value gracefully."

No, that needs a lot of work.  I'll call him a "strawman".