pem-dev

Re: unpublished public keys (was: voting)

1994-12-19 00:13:00

Jeff,

I'm having a great deal of trouble understanding the problem you're
trying to describe.  As someone who has implemented both RFC 1421 and
PEM/MIME I had no trouble with what I understand to be your problem
(which could be wrong, of course).  Let me try to describe what I
perceive to be your problem so I can test my understanding.

In your particular implementation of RFC 1421, you take the
issuer-name/serial-number identifier, break out the pieces, and use each
individual to help you identify the certificate/public-key you need.
In other words, your implementation takes advantage of knowledge of the
structure of the elements of the identifier, that is, you know the name
form is a distinguished name and that the key selector is serial number.

I have already implicitly replied to this by responding to Bob
Jueneman, but let me explicitly reply.

MIME/PEM does not accommodate certification schemes.  Instead it
imposes its own by requiring every implementation to redesign in order
to create, store and transmit the key selector.  Your message
describes a technique for doing such a redesign, but this is not what
I want to hear.  I want MIME/PEM to be fixed so that it doesn't
require every application to redesign its trust and identification
schemes. 

Steve Dusse writes:

      Now explain to me what 
      my application is supposed to do when someone encrypts a message with 
      my public key with a key selector I've never seen before.  This is 
      just one example of an out-of-sync condition.  For n different 
      identifiers there are about n squared of these conditions to deal 
      with.  None of this is addressed in the current spec and to do so may 
      take more pages than the existing text !!

I'd like to see you address these points, as well as the one I raised
to Bob:

  All keypair holders must now choose a
  key selector to place in the Originator-ID field.  This means the
  Macintosh AOCE signer file, which works great with PKCS and could
  easily be used to format an RFC 1421 signed message, cannot be used
  for MIME/PEM because it doesn't contain a key selector.

Speak to the engineer at Apple who is given the task of adding MIME
formatting ability to AppleLink and has to explain to his boss that
all the AOCE signer files in existence have to be updated first.  This is
in part why the arbitrary key selector should not be required in the
MIME/PEM identifiers.

- Jeff
