RE: Recommendation on subject matching rules needed..
> Certificate contains enough data to compare the subjects and
> the keys instead of the certificates. The comparison should - in
> my opinion - go more or less as follows:
>
> Allow decrypt
>
> 1) if Subject Key Identifiers match
> 2) if Subject Unique Identifiers match
> 3) if Subjects + Subject Alt. Names match
> 4) if Issuer Key Identifiers match
> 5) if Issuer Unique Identifiers match
> 6) if Issuers match
>
Shouldn't just being in possession of the private key be enough to
decrypt previously encrypted data? (What is a certificate needed
for in this use case?)
I can think of a minor reason to have a certificate: to locate the
key pair by searching for subject and key usage. However, that should not
be the only way by which software can locate the right key to use, or should it?
Markus
--------------------------------
Markus Lorch
Dept. of Computer Science (0106)
Virginia Tech, Blacksburg, VA 24061
Phone/Fax: (206) 227 0428
http://csgrad.cs.vt.edu/~mlorch
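The ordered comparison quoted above, next to the reply's alternative of locating the key pair directly, as an added Go example (not code from this thread or from any implementation discussed in it). It assumes that "Issuer Key Identifier" means the authorityKeyIdentifier extension, compares only e-mail and DNS subjectAltNames, and skips rules 2 and 5 because Go's crypto/x509 does not expose the X.509v2 unique identifier fields. The key store, the names and the one-byte key identifiers are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"sort"
	"strings"
	"time"
)

// matchRule returns the number (1..6, in the order of the quoted list) of the first rule under
// which cand's key pair may be used to decrypt data encrypted for target, or 0 if none applies.
func matchRule(cand, target *x509.Certificate) int {
	switch {
	case len(target.SubjectKeyId) > 0 && bytes.Equal(cand.SubjectKeyId, target.SubjectKeyId):
		return 1
	// Rules 2 and 5 (the X.509v2 unique identifiers) are not exposed by crypto/x509 and are skipped.
	case bytes.Equal(cand.RawSubject, target.RawSubject) && sans(cand) == sans(target):
		return 3
	case len(target.AuthorityKeyId) > 0 && bytes.Equal(cand.AuthorityKeyId, target.AuthorityKeyId):
		return 4 // assumption: "Issuer Key Identifier" is the authorityKeyIdentifier extension
	case bytes.Equal(cand.RawIssuer, target.RawIssuer):
		return 6
	}
	return 0
}

// sans renders the e-mail and DNS subjectAltNames of c in a canonical order for comparison.
func sans(c *x509.Certificate) string {
	all := append(append([]string{}, c.EmailAddresses...), c.DNSNames...)
	sort.Strings(all)
	return strings.Join(all, "\x00")
}

// entry is one key pair and its certificate in a local key store.
type entry struct {
	name string
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// byPrivateKey ignores every certificate field and returns the index of the entry whose
// private key belongs to the public key the data was encrypted to (the reply's point).
func byPrivateKey(store []entry, target *x509.Certificate) int {
	for i, e := range store {
		if e.key.PublicKey.Equal(target.PublicKey) {
			return i
		}
	}
	return -1
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue creates a certificate signed by parent, or a self-signed one when parent is nil.
// ski serves as both serial number and one-byte Subject Key Identifier for readability.
func issue(parent *x509.Certificate, parentKey *ecdsa.PrivateKey, cn string, emails []string, ski byte) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(int64(ski)),
		Subject:        pkix.Name{CommonName: cn, Organization: []string{"Example Org"}},
		EmailAddresses: emails,
		SubjectKeyId:   []byte{ski},
		NotBefore:      time.Now().Add(-time.Hour),
		NotAfter:       time.Now().Add(24 * time.Hour),
	}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// sampleStore builds a constructed key store: Alice's current key, Alice's renewed certificate
// (same subject and e-mail, new key), Bob from the same CA, and a self-signed Carol. It returns
// the store and Alice's current certificate as the one the data was encrypted for.
func sampleStore() ([]entry, *x509.Certificate) {
	ca, caKey := issue(nil, nil, "Example CA", nil, 1)
	alice, aliceKey := issue(ca, caKey, "Alice", []string{"alice@example.org"}, 10)
	renew, renewKey := issue(ca, caKey, "Alice", []string{"alice@example.org"}, 11)
	bob, bobKey := issue(ca, caKey, "Bob", []string{"bob@example.org"}, 12)
	carol, carolKey := issue(nil, nil, "Carol", []string{"carol@example.org"}, 13)
	return []entry{{"alice-renewed", renew, renewKey}, {"bob", bob, bobKey}, {"carol", carol, carolKey}, {"alice", alice, aliceKey}}, alice
}

func main() {
	store, target := sampleStore()
	owner := byPrivateKey(store, target)
	for i, e := range store {
		fmt.Printf("%-14s rule %d  holds private key: %v\n", e.name, matchRule(e.cert, target), i == owner)
	}
}
```

Running it shows the two approaches side by side: Alice's current certificate matches under rule 1 and is also the entry whose private key can decrypt; her renewed certificate matches under rule 3 even though its key cannot; Bob's certificate matches under rule 4 merely because the same CA issued it; the self-signed Carol matches nothing. The private-key lookup picks out the single usable key pair without consulting any certificate field.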