-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 11/16/2012 11:41 AM, Dean Willis wrote: > > AD asks: > > (12) section 7: I don't see how to send a reference to a certificate - > 5.3.4 doesn't seem to allow for that now - wouldn't you need a new > CertificateType for that? > > By a reference you mean, e.g., a URL? > > Yeah a URL could be an example. The text says you can send a reference to > the cert but I don't see a field where I can put e.g. a URL "thus avoiding > the need to send a certificate" as it says. > > Ekr noted: This appears to be a real defect. I think it's a version skew > problem. The certificate indicators are hashes, so how does this work? > > EKR responded 6/8/12 > https://www.ietf.org/mail-archive/web/p2psip/current/msg06225.html > > In principle the SecurityBlock structure is designed to work with > certificates which are stored in the overlay and then retrieved at > verification time. In practice, however, the certificates are indexed into > the security block by Hash(cert) but stored in the overlay under subject, > so you can't retrieve them from the overlay. > > There seem to be two fixes for this: (1) Modify(add to?) the certificate > store usage to store certs under the fingerprint so they can be retrieved. > (2) Stop claiming that you can fetch the certs and just say that for this > version you must send the certs with the message. > > Is anyone interested in not sending all the certs with the message? If so, > we should do (1). Otherwise, we should do (2). > > > Okay folks? Which do we do?
I support (2) - -- Marc Petit-Huguenin Email: [email protected] Blog: http://blog.marc.petit-huguenin.org Profile: http://www.linkedin.com/in/petithug -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQv3lwAAoJECnERZXWan7E/gwQAISM7x7hXU2eBUUCDATGvPyA LTOdaLGL0TaFOwJd0zC9cc50QQPAJNhkMmLMtUbfLntxIodqALbg8YR+VPUxQM91 ejJ6F1kvPw7qvwSkponqntGvwNDtpzSniHxCuXvBtkfV367qx0nradeeiVsWf/ob We42NR7sbEp8Y9PdNQR1KY5l2Ke20Gvj3mZR4c3qpboN3gBaHUbSWMazYiECubl4 xmuJvhxD24VFeiBL9Tl4MNwjX/wtYsFcUDLoFtBKcn7d4vAB1D9XSMmRyADJ4tVU oNyJ6Kdry8OvdPb8iDA7nQKYexUy3Lnk9hW0ws92aOGtUboUyD1sP0+rhO3lOmKC 6wx5/k8ku5mAn66cf3FnL+x4ehsqVcobGKKLF7OkrQXaqRJZWYOBN1rKBJ6+NqFo ik5c0syhGC7C/gwQtCDiaQBf3MNiCJ22Humg/vlFzPIJuR9cEOj9aFWJcouOHBEF NkhpJZHve0Q4vAx7mKk2NHh/eN5GlZSWOt5VacvlCGyBOK+NJQqP+pJn6VDN8BVn 4zpb6qSwyfTChSPbcKa8DDH57N8iJOOtspoyL+9HW0SBGxOBKkBAuZUD3xp7Q3LF QNF4qgZyLVlR4bPLoqnzDtI1iXIB0Q5ePjf5YpNsHcmY60EVjBBN1hMHHznRSO6i g19EdXM11iE10ZlAdfuu =ZNUM -----END PGP SIGNATURE----- _______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
