On Tue, Jun 01, 1999 at 11:17:32PM -0400, Rich Salz wrote:
>> Well, the authorityKeyIdentifier (consisting presumably just of a
>> KeyIdentifier) would have to match the issuer's subjectKeyIdentifier;
>> why would we care how that has been computed?
> Because the CA might not put the AKI in certs that it signs?
> Is there a requirement that a CA whose cert as SKI must propagate
> that as the AKI?
I'm afraid I can't follow you here. Even assuming that we know
exactly how the CA computes its key identifier, certificates without
an AKI don't give us the slightest hint which CA key we should hash.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
