[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Embedded certificate image

To: ietf-pkix <ietf-pkix@xxxxxxx>
Subject: Re: Embedded certificate image
From: Stefan Santesson <stefan@xxxxxxxxxxx>
Date: Wed, 29 Jul 2009 23:55:37 +0200
In-reply-to: <C68BFCE2.36A1%stefan@xxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx
Thread-index: AcoJ6a+BhbDwMA2b20+h06qSltpcaAAXuBOMAZOvk3Q=
Thread-topic: Embedded certificate image
User-agent: Microsoft-Entourage/12.20.0.090605

Title: Re: Embedded certificate image

Jim Schaad provided a very interesting idea to this issue at PKIX today

It seems that there are ways to store base64 encoded data in a URL. Since all images are located through a URL, this opens interesting possibilities if the URL actually contains the image data itself.

I think it could make sense in many situations and environments to provide the image inside the certificate in this form.

Russ came up with a concern that all hash attacks loves big chunks of random data that can be used to create collisions. Counter arguments is that this is only a concern is a week hash is used and also that the data has some structure as it is base64 encoded.

Jim, could you provide more specific information about the underlying specification that would enable this?

/Stefan

Follow-Ups:
- RE: Embedded certificate image
  - From: Miller, Timothy J.
- Re: Embedded certificate image
  - From: Peter Gutmann

References:
- Re: Embedded certificate image
  - From: Stefan Santesson

Prev by Date: Re: WGLC on draft-ietf-pkix-new-asn1-05.txt
Next by Date: Re: Embedded certificate image
Previous by thread: Re: Embedded certificate image
Next by thread: Re: Embedded certificate image
Index(es):
- Date
- Thread