On 01.04.2010 07:42, Michael Ströder wrote: >> That aspect is covered by the CMS spec, actually. From RFC 5652, section >> 6.2.1: >> >> When an X.509 >> certificate is referenced, the key identifier matches the X.509 >> subjectKeyIdentifier extension value. >> >> IOW, Outlook shouldn't use this format for referring to this particular >> cert. Also, noted that RFC 5280 only mentions "two common methods for >> generating key identifiers", there is no single standardized way for >> calculating the key id. > > If you read the whole section you've cited an excerpt from it's getting > blurry. I took this to the ietf-smime mailing list for clarification. Are you > subscribed there too?
No, I'm not subscribed to that, but I don't see what you mean by "it's getting blurry" after the sentence quoted above. If there's no SKID extension, then there's no extension value, so Outlook's way of referencing the cert is pretty broken, IMO (see also Blake's conclusion in http://www.ietf.org/mail-archive/web/smime/current/msg18730.html). Kaspar -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
