RE: AKI and SKI problem with RFC 3280?
I agree with Peter,
I think this is asking for trouble. That is my whole point.
/Stefan
> -----Original Message-----
> From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]
> On Behalf Of Peter Gutmann
> Sent: den 22 oktober 2003 09:26
> To: aarsenau@xxxxxxx; ietf-pkix@xxxxxxx; pgut001@xxxxxxxxxxxxxxxxx; Stefan Santesson
> Cc: housley@xxxxxxxxxxxx
> Subject: RE: AKI and SKI problem with RFC 3280?
>
>
> "Al Arsenault" <aarsenau@xxxxxxx> writes:
>
> >Okay, it's only a SHOULD, not a MUST, but the scenario you reference below
> >only comes in to play if I signed the CMS message using my CA cert, not my
> >end-entity cert.
> >
> >Got an example where this is relevant if the sKID's of two different CA certs
> >are the same?
>
> My CMS example from earlier used with SCEP.
>
> In any case something like this should never be allowed to happen as a matter
> of basic protocol design. Creating a "unique" key ID and then specifically
> telling people they can use non-unique IDs is just asking for trouble.
>
> Peter.