Date: Wed, 22 Sep 1993 11:07:46 -0500
From: "Robert W. Shirey" <shirey(_at_)mitre(_dot_)org>
X-Sender: shirey(_at_)128(_dot_)29(_dot_)140(_dot_)20
...

This version has successfully sucked up certificates from users under MIT
and TIS CAs, but Jeff didn't say whether this early version will suck up
certificates for CAs under the MIT or TIS PCAs. If there are any such CAs
that I don't have, we shall see.

TechMail-PEM-a6 will learn of other CAs under either the MIT or TIS PCAs.

Jeff also did not say whether this implementation will suck up other PCA
certificates if they show up. Perhaps someone using COST-PEM could send me
a signed message that includes certificates for the full chain, and I'll
see what happens.

It will *not* learn other PCAs nor the CAs listed under them. A future
version will allow the end user (i.e., you) to configure in additional
PCAs but the details of how that will work are not yet finished.

I have no CRLs for the CAs for which I have certificates. Jeff did not say
whether this implementation will suck up a CRL if one shows up. Is there
an active CA that is issuing CRLs already? COST-PEM?

A6 has a bug in CRL processing. Specifically it will not like a CRL
for which the OID of the signature doesn't match the OID of the
issuing key. Normally this is correct behavior, but for compatibility
I need to kludge it to accept signatures with the RSA-ENCRYPTION OID
(under the RSA DSI arc) to be signed by keys with the RSA OID (under
the non-RSA DSI arc).

A6 will also *not* accept CRLs issued by TIS/PEM 6.0 (at least until version
6.0.5) that contain no revoked certificates.

-Jeff