> Not true. I've searched on the hash of the certificate when we are
> producing certificates that must maintain privacy and therefore have
> garbage in the Issuer and Subject fields.

Maybe I'm just dense, but I don't get this. If you simply mask the issuer and subject fields, e.g., using a SN(?) attribute that points into an externally maintained database, then you can still use the issuer-and-serial-number indexing. Even if you generate random data for the subject field, but copy the issuer's (random) subject field, you can still use issuer-and-serial-number indexing.

The only time this would break down is if you use random data in both subject and issuer, or if you deliberately reuse the same serial number. This may work for you, but the cost of supporting it may be too high for a general tool since it would require disabling other desirable features.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
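The two lookup schemes discussed in this thread, as an added example that is not part of the original message and is not OpenSSL code. The certificate records, names and DER stand-ins are constructed, and treating an issuer name that matches no stored subject as the failure for "random data in both fields" is an assumption of this sketch.

```python
import hashlib
from collections import defaultdict

# Constructed records: (label, issuer DN, serial, subject DN, stand-in DER bytes).
CA_SUBJECT = "CN=9f3a7c"  # the CA's own random-looking subject (constructed)
CERTS = [
    ("ca",        CA_SUBJECT, 1, CA_SUBJECT,       b"der-ca"),
    # Subject masked with a pointer into an external database.
    ("masked",    CA_SUBJECT, 2, "SN=db-ref-0017", b"der-masked"),
    # Random subject, issuer field copied from the CA's subject.
    ("rand-subj", CA_SUBJECT, 3, "CN=c41e08",      b"der-rand-subj"),
    # Independent random data in both issuer and subject.
    ("rand-both", "CN=77b2d0", 4, "CN=e05a91",     b"der-rand-both"),
    # Same serial number deliberately reused under one issuer.
    ("reused-a",  CA_SUBJECT, 5, "CN=1b6f44",      b"der-reused-a"),
    ("reused-b",  CA_SUBJECT, 5, "CN=a830ce",      b"der-reused-b"),
]

def build_indexes(certs):
    """Index the same store by issuer-and-serial-number and by certificate hash."""
    by_ias = defaultdict(list)
    by_hash = {}
    for label, issuer, serial, _subject, der in certs:
        by_ias[(issuer, serial)].append(label)
        by_hash[hashlib.sha256(der).hexdigest()] = label
    return by_ias, by_hash

def audit(certs):
    """Report where issuer-and-serial-number lookup stops being usable."""
    by_ias, by_hash = build_indexes(certs)
    subjects = {subject for _, _, _, subject, _ in certs}
    # One (issuer, serial) key resolving to more than one certificate.
    ambiguous = sorted(label for labels in by_ias.values()
                       if len(labels) > 1 for label in labels)
    # Issuer name that matches no certificate subject in the store.
    orphaned = sorted(label for label, issuer, _, _, _ in certs
                      if issuer not in subjects)
    return {"ambiguous": ambiguous, "orphaned": orphaned,
            "hash_entries": len(by_hash)}

if __name__ == "__main__":
    print(audit(CERTS))
```
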