From: Dr S N Henson <[EMAIL PROTECTED]>

stephen.henson> My point was that in some applications certificates
stephen.henson> may be added from an untrusted source. An example
stephen.henson> would be an S/MIME application which adds certificates
stephen.henson> for later use from S/MIME messages. It may add
stephen.henson> certificates even though it doesn't trust the issuer
stephen.henson> so that a user might trust a certificate by out of
stephen.henson> band means. This is the kind of thing that Netscape
stephen.henson> messenger and other S/MIME clients can do. In such a
stephen.henson> case things like duplicate issuer and serial numbers
stephen.henson> may occur and should be protected against (at whatever
stephen.henson> level).

I'm not sure in what case (modulo idiocy like more than 1 issuer using
the same Snake Oil certificate as CA certificate) there would be
duplication.  I can imagine that one might get the same certificate
from several sources, but I'm pretty sure it could be resolved by
applying a little bit of automagic intelligence and tossing all
duplicates except for the copy that has the highest trust attached to
it.

Trust, BTW, could rather easily be handled by attaching internal
attributes to certificates with extra information.  Those attributes
are not part of the certificate itself, of course.  Was that
approximately the way you saw this being done as well?

In any case, I find this discussion a bit moot, since different
applications might search for anything.  Netscape Navigator, as far as
I have understood, has the email addresses as index key for S/MIME
certificates.  I would rather see that applications can request
indexes on a rather flexible set of basic types, and request searches
according to basically whatever.  The keys used could be attached to
each certificate as another of those internal attributes I mentioned
above (and each certificate could have more than one key attached to
it).  Whether actual indexes are really built would be up to the plugin.
Then, having indexes based on the hash of the full certificate
wouldn't be something we'd have to decide, would it?

Does that sound like a feasible thought?

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus:             http://www.gemplus.com/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
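
A sketch of the store design discussed in this message, added here as an example and not taken from the thread or from OpenSSL: identical certificates collapse to one entry that keeps the highest trust, trust and search keys are internal attributes outside the certificate, and a duplicate issuer/serial surfaces as more than one search result. `CertStore`, the key type names and the certificate byte strings are hypothetical and constructed.

```python
import hashlib
from collections import defaultdict


class CertStore:
    """Toy certificate store; certificates are opaque DER byte strings."""

    def __init__(self):
        self.entries = {}               # SHA-256 of DER -> internal attributes
        self.index = defaultdict(set)   # (key_type, value) -> fingerprints

    def add(self, der, trust, keys):
        """Store one certificate and return its fingerprint.

        trust is assigned by the application (assumption: a plain integer),
        never read from the certificate or from whoever supplied it.
        """
        fp = hashlib.sha256(der).hexdigest()
        entry = self.entries.setdefault(
            fp, {"der": der, "trust": trust, "keys": set()})
        # Same bytes seen again: one copy, highest trust wins.
        entry["trust"] = max(entry["trust"], trust)
        for key in keys:                # a certificate may carry several keys
            entry["keys"].add(key)
            self.index[key].add(fp)
        return fp

    def find(self, key_type, value):
        """Fingerprints matching a key, most trusted first.

        More than one result means the key is ambiguous, for example two
        different certificates claiming the same issuer and serial number.
        """
        fps = self.index.get((key_type, value), ())
        return sorted(fps, key=lambda fp: (-self.entries[fp]["trust"], fp))

    def trust(self, fp):
        return self.entries[fp]["trust"]


def demo():
    """Constructed sample: one certificate seen twice, plus a colliding one."""
    store = CertStore()
    isn = ("issuer_serial", ("CN=Snake Oil CA", 1))
    a = store.add(b"constructed-cert-A", 0, [isn, ("email", "alice@example.com")])
    a2 = store.add(b"constructed-cert-A", 2, [isn])  # trusted out of band
    b = store.add(b"constructed-cert-B", 0, [isn, ("email", "mallory@example.com")])
    return store, a, a2, b
```

Keeping both colliding certificates, instead of rejecting the later one, means an untrusted certificate added first cannot displace a legitimate one with the same issuer and serial number; the caller sees both and decides by trust.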
