Is there anyone else out there tracking this thread? Does anyone else
see the problem or the lack of one? I think Jeff and I could both
really use some alternative insight.
It looks like the confusion concerns whether or not the key selector is a new
field within the X.509 certificate (vs. an arbitrary identifier in addition
to
the X.509 certificate), and whether or not the selector is optional in the
presence of an X.509 ccertificate containing the public key.
My reading is that the selector is an additional field outside the
certificate, and that it is optional if either the X.509 certificate or bare
public key itself are present. If my understanding is correct, I also fail
to
see any problem.
I gather that Jeff's reading is that the selector is a new, mandatory field
within the X.509 certificate. If Jeff's understanding is correct, then I
share his objections.
I did not think that the key selector is a new field in the X.509
certificate. See following messages for more discussion.
- Jeff