Hi Sean,

Specifically on this point:

> On Aug 7, 2015, at 12:52 AM, Sean Turner <[email protected]> wrote:
>
> I’m all for switching to using a better hash algorithm to avoid collisions,
> but why can’t we just do it anytime we want? The SKI/AKI fields are only
> ever generated by a CA so the RPs don’t need to know the algorithm used.

This change would require certificates to be re-issued (or possibly keys to be rolled) all the way down from Trust Anchors. When the parent CA re-issues a certificate for the child CA with a new style SKI, then the child will have to re-issue its products with a new AKI. This is not impossible, but not trivial either. Especially if a delegated model is used.

I am still not sure that avoiding collisions is that important in this case. Proof of possession of the keys is verified through other means.

A specific example: we have changed our validation algorithm to find the most current *valid* MFT for a CA certificate by matching the SKI of the CA certificate with the AKI of the MFT EE certificate. But we do check that it's validly signed. So an accidental collision, or even a maliciously crafted MFT (with a colliding AKI on its EE cert), should not matter.

But if I am missing a stronger reason I would like to know. I agree that if we need to change this it's better to address this sooner rather than later.

Tim
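The selection rule described in the message above, as an added example that is not part of the original e-mail or of any validator's code: the SKI/AKI match only narrows the candidates, and the signature check decides. Assumptions: all names are hypothetical, a toy textbook-RSA signature stands in for the real EE certificate and CMS signature checks, and the sample data is constructed.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by the toy keys

def make_key(p, q):
    """Toy textbook-RSA key from two primes (stand-in for a real CA key)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def ski(key):
    """Key identifier: SHA-1 over the public key bytes (here, the modulus)."""
    n = key["n"]
    return hashlib.sha1(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == digest(data, n)

@dataclass
class Manifest:
    aki: str       # AKI of the manifest's EE certificate (issuer-chosen field)
    number: int    # manifest number; higher is more current
    sig: int = 0   # stand-in for the EE cert / CMS signature chain

    def tbs(self):
        return f"{self.aki}|{self.number}".encode()

def issue(key, aki, number):
    m = Manifest(aki, number)
    m.sig = sign(key, m.tbs())
    return m

def current_valid_manifest(ca_key, candidates):
    """Match on SKI == AKI, then keep only what verifies under the CA key."""
    matched = [m for m in candidates if m.aki == ski(ca_key)]
    valid = [m for m in matched if verify(ca_key["n"], m.tbs(), m.sig)]
    return max(valid, key=lambda m: m.number, default=None)

# Constructed sample data: Mersenne primes keep the toy keys reproducible.
ca = make_key(2**61 - 1, 2**89 - 1)
other = make_key(2**107 - 1, 2**127 - 1)
genuine = [issue(ca, ski(ca), 7), issue(ca, ski(ca), 8)]
crafted = issue(other, ski(ca), 99)       # AKI copies the CA's SKI, wrong signer
unrelated = issue(other, ski(other), 50)  # different AKI, never matched
```

The crafted manifest passes the identifier match and carries the highest number, yet it is dropped at the signature step, so the genuine manifest 8 is selected.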
