[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SKIP: Fixes to certificate discovery protocol



Germano Caronni Wrote:

> I assume ?! that each certificate in the response contains its appropriate
> master ID.

Yes.  Since a certificate serves as a binding between a name and a public
value, the name is present in the certificate.  In the case of a hashed
public key, the hash of the key IS the name, so it is inherently present.

>> There is only one Master Key-ID, Why do you need NSID with each certificate ?
> > Is the intent to associate each certificate with a Key-ID ?  If so,
> > then you need both NSID and Master Key-ID with each certificate.
> 

> Yeah! Now, is it in the certificate, or not ?

Master key-ids (Names) are present in the certificate as discussed above.
Name spaces, however, are not present in current certificates (X509, PGP). 
Therefore, we need a way of providing this information.  That's why the 
NSID is sent with each certificate.  

Warm Regards,

--tom


References: