Re: SKIP: Fixes to certificate discovery protocol

[Germano Caronni <caronni@tik.ee.ethz.ch>]

-----BEGIN PGP SIGNED MESSAGE-----

Teodora Ngo wrote:
> 
> > Master Key-ID   - this is the identifier as described in the section on
> >                   Master Key-IDs. It's length is dependent on the value
> >                   of the NSID field.  It is only used when requesting 
> > 		  certificates with a specific master key-id from another 
> > 		  entity.  The requester may set this to zero (0) in which
> > 		  case the receiver should consider the request for ALL 
> > 		  certificates.  The responder should always set this
> > 		  field to zero (0).
> 
>   Suggestion : The responder should retain the same Master Key-ID so
>   one can match a certificate response to its certificate request.
>   There can be multiple outstanding certificate requests.

I assume ?! that each certificate in the response contains its appropriate
master ID. 

> There is only one Master Key-ID, Why do you need NSID with each certificate ?
> Is the intent to associate each certificate with a Key-ID ?  If so,
> then you need both NSID and Master Key-ID with each certificate.

Yeah! Now, is it in the certificate, or not ?  

/gec


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMJArVLH8jId7euXhAQGI2QP+JlCxnAYz3uiFRgS6CMTzyUNhjooKmP/C
YDJjwv5MzgufEE0OR9BYW46b+MVyOmqS+/FvKcU2/FHBYdatLVB8L84c9Uz8Lc4n
ftkRXAiVNtoyFL1EVHRELmKWyIS+vNC43+4OMtqD1QslQzc/mW3WaOv+RZ8zEbFh
jjxlUjxFW0k=
=kM0R
-----END PGP SIGNATURE-----

---

Follow-Ups:

• Re: SKIP: Fixes to certificate discovery protocol
• From: markson@osmosys.incog.com (Tom Markson)

References:

• Re: SKIP: Fixes to certificate discovery protocol
• From: pingn@jurassic.eng.sun.com (Teodora Ngo)

---

• Prev by Date: Re: comments on draft 03 of SKIP
• Next by Date: Re: SKIP: Fixes to certificate discovery protocol
• Prev by thread: Re: SKIP: Fixes to certificate discovery protocol
• Next by thread: Re: SKIP: Fixes to certificate discovery protocol
• Index(es):
  • Main
  • Thread