[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SKIP: Fixes to certificate discovery protocol
Germano Caronni Wrote:
> I assume ?! that each certificate in the response contains its appropriate
> master ID.
Yes. Since a certificate serves as a binding between a name and a public
value, the name is present in the certificate. In the case of a hashed
public key, the hash of the key IS the name, so it is inherently present.
>> There is only one Master Key-ID, Why do you need NSID with each certificate ?
> > Is the intent to associate each certificate with a Key-ID ? If so,
> > then you need both NSID and Master Key-ID with each certificate.
>
> Yeah! Now, is it in the certificate, or not ?
Master key-ids (Names) are present in the certificate as discussed above.
Name spaces, however, are not present in current certificates (X509, PGP).
Therefore, we need a way of providing this information. That's why the
NSID is sent with each certificate.
Warm Regards,
--tom
References: