
RE: AKI and SKI problem with RFC 3280?




At 20:26 +1300 10/22/03, Peter Gutmann wrote:
"Al Arsenault" <aarsenau@xxxxxxx> writes:

Okay, it's only a SHOULD, not a MUST, but the scenario you reference below
only comes into play if I signed the CMS message using my CA cert, not my
end-entity cert.

Got an example where this is relevant if the sKID's of two different CA certs
are the same?

My CMS example from earlier used with SCEP.


In any case something like this should never be allowed to happen as a matter
of basic protocol design.  Creating a "unique" key ID and then specifically
telling people they can use non-unique IDs is just asking for trouble.

Peter.

Peter,


SCEP is not an IETF standard, and it sounds as if its use of these extensions is not consistent with the guidance provided in 2459, and now in 3280. Whose fault is that?

Steve