Thank you for the timely review!

Carsten Bormann via Datatracker <[email protected]> wrote:
> These rules apply when the validation succeeds in a single step as
> well as when certificate chains need to be built.
> The draft uses the term "bag" for what is meant to be a set.
> Maybe stick with the "x5bag" parameter name and the prose "certificate
> bag", but when saying what it is, say that it is a set.
I believe we use the term bag because it is permissible for a certificate
artifact to appear more than once. Stupid maybe, but permissible.
I think that some systems/libraries considered the Issuer/Subject to be the
key for indexing the set, and then they got confused if there was more than
one certificate in the bag. The additional object used a different signature
and/or hash. At least, I have some dim memory of some situation being
described to me. I think that the names of the guilty parties were withheld.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
