Hi Eric,
<snip>
In most cases, there's a centralized enrollment authority which doesn't
issue duplicates.
</snip>
Yes, I believe your claim for self-signed certs. But a centralized
enrollment server in an overlay which issues certs and guarantees no
duplicates can't always guarantee global uniqueness. It is likely, but
not literally guaranteed. The "globally" claim is what I doubt :)
Regards
Eric Rescorla wrote:
On Thu, Feb 25, 2010 at 7:32 AM, neil.young <[email protected]> wrote:
3.1
Each node has a certificate [RFC5280] containing a Node-ID, which is
globally unique
I'm wondering how you want to ensure global uniqueness.
In most cases, there's a centralized enrollment authority which doesn't
issue duplicates.
In the self-assigned certificate case, the node-id must be a hash of the
public key so is statistically unique.
-Ekr
_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip