In principle the SecurityBlock structure is designed to work with certificates which are stored in the overlay and then retrieved at verification time. In practice, however, the certificates are indexed into the security block by Hash(cert) but stored in the overlay under subject, so you can't retrieve them from the overlay.
There seem to be two fixes for this: (1) Modify(add to?) the certificate store usage to store certs under the fingerprint so they can be retrieved. (2) Stop claiming that you can fetch the certs and just say that for this version you must send the certs with the message. Is anyone interested in not sending all the certs with the message? If so, we should do (1). Otherwise, we should do (2). -Ekr _______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
