[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [saag] Another bad day at the hash function factory

To: ietf-pkix@xxxxxxx
Subject: Re: [saag] Another bad day at the hash function factory
From: pgut001@xxxxxxxxxxxxxxxxx (Peter Gutmann)
Date: Fri, 04 Mar 2005 21:04:51 +1300
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Dr Stephen Henson <shenson@xxxxxxxxxxxxxxxxxxxxxxxxxxx> writes:

>I also notice that the examples don't include the subject public key ID
>extension. If the CA used an appropriate recommended algorithm to generate
>SKID then it could demonstrate that the certificate containing A contained a
>consistent SKID whereas the one containing B did not.

I don't think this'd help, given the wide variety of methods for generating
SKIDs, having one that doesn't match the key wouldn't indicate much unless you
could show that every cert issued by the CA except the one in question had
some deterministic mapping from key -> SKID.

Peter.

Prev by Date: Re: [saag] Another bad day at the hash function factory
Next by Date: Re: [saag] Another bad day at the hash function factory
Previous by thread: Re: [saag] Another bad day at the hash function factory
Next by thread: Comments on SCVP draft 18
Index(es):
- Date
- Thread