AD asks:

(12) section 7: I don't see how to send a reference to a certificate -
5.3.4 doesn't seem to allow for that now - wouldn't you need a new
CertificateType for that?

By a reference you mean, e.g., a URL?

Yeah a URL could be an example. The text says you can send a
reference to the cert but I don't see a field where I can put
e.g. a URL "thus avoiding the need to send a certificate" as
it says.

Ekr noted: This appears to be a real defect. I think it's a version
skew problem. The certificate indicators are hashes, so how does this
work?

EKR responded 6/8/12
https://www.ietf.org/mail-archive/web/p2psip/current/msg06225.html

In principle the SecurityBlock structure is designed to work with
certificates which are stored in the overlay and then retrieved
at verification time. In practice, however, the certificates are
indexed into the security block by Hash(cert) but stored in
the overlay under subject, so you can't retrieve them from
the overlay.

There seem to be two fixes for this:

(1) Modify (add to?) the certificate store usage to store certs
under the fingerprint so they can be retrieved.

(2) Stop claiming that you can fetch the certs and just say that
for this version you must send the certs with the message.

Is anyone interested in not sending all the certs with the message?
If so, we should do (1). Otherwise, we should do (2).

Okay folks? Which do we do?

_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
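
An added illustration, not code from the thread or from the draft: a toy Python model of the mismatch described above (certificates referenced by Hash(cert) but stored under subject) and of how fixes (1) and (2) each let a verifier resolve the signer's certificate. The `Overlay` class, the function names, the use of SHA-256 and the sample bytes are all assumptions made for the example and do not reflect RELOAD's wire format.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """Hash(cert): the value a security block uses to point at a certificate."""
    return hashlib.sha256(cert_der).hexdigest()

def resource_id(name: bytes) -> str:
    """Overlay storage key derived from a resource name (toy model)."""
    return hashlib.sha256(name).hexdigest()

class Overlay:
    """Toy key/value overlay; index_by_fingerprint=True models fix (1)."""
    def __init__(self, index_by_fingerprint: bool = False):
        self.index_by_fingerprint = index_by_fingerprint
        self.store = {}

    def publish_cert(self, subject: bytes, cert_der: bytes) -> None:
        self.store[resource_id(subject)] = cert_der        # stored under subject
        if self.index_by_fingerprint:
            self.store[fingerprint(cert_der)] = cert_der   # fix (1): also under Hash(cert)

    def fetch(self, key: str):
        return self.store.get(key)

def resolve_signer_cert(signer_hash, inline_certs, overlay):
    """Return (cert, source) for a signer hash, or (None, 'unresolvable')."""
    for cert in inline_certs:                  # fix (2): cert travels with the message
        if fingerprint(cert) == signer_hash:
            return cert, "inline"
    cert = overlay.fetch(signer_hash)          # the verifier only knows the hash
    # Re-hash whatever the overlay returned; never trust the storage key alone.
    if cert is not None and fingerprint(cert) == signer_hash:
        return cert, "overlay"
    return None, "unresolvable"

# Constructed sample data: placeholder bytes standing in for a DER certificate.
ALICE_SUBJECT = b"alice@example.org"
ALICE_CERT = b"constructed-placeholder-certificate-for-alice"
SIGNER_HASH = fingerprint(ALICE_CERT)

def demo():
    by_subject = Overlay()
    by_subject.publish_cert(ALICE_SUBJECT, ALICE_CERT)
    by_both = Overlay(index_by_fingerprint=True)
    by_both.publish_cert(ALICE_SUBJECT, ALICE_CERT)
    return {
        "current, certs omitted": resolve_signer_cert(SIGNER_HASH, [], by_subject)[1],
        "fix (1), certs omitted": resolve_signer_cert(SIGNER_HASH, [], by_both)[1],
        "fix (2), certs inline": resolve_signer_cert(SIGNER_HASH, [ALICE_CERT], by_subject)[1],
    }
```

With fix (1) the verifier re-hashes the fetched bytes before use, so a wrong or substituted value stored under the fingerprint key is rejected rather than trusted.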