
indexes of certificates



Bob Jueneman mentioned that the DN provides an index under which to store
the X.509 certificate.  It's guaranteed unique.  That's perhaps its only
guaranteed characteristic.

In my alternative proposal, there are no DN's, either for the certifier or
the subject.  Rather, the essential field is the hash of the public key
of that entity.

Let me point out that for the purpose of indexing certificates,
the hash of the Signed-key is more than just unique.  A fixed length portion
of the hash can be used as an index into a hash table, for rapid location of
the desired certificates.  This doesn't help if you're looking for Meaning:
fields which contain some given text, but if you're following a certificate
chain in order to verify it, it's about as fast as you can get and costs 0
because it was precomputed and stored in the cert.

For indexes into the Meaning: fields, one needs to employ standard text
indexing software but the most common operation, in the applications I've
done, has been checking certificate chains.

 - Carl


+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+
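
The lookup described in the message above, as an added example that is not part of the original post or the author's code: certificates are bucketed by a fixed-length prefix of the Signed-key hash they already carry, and a chain is followed by repeated lookups on the certifier's key hash. SHA-256, the two-byte prefix, and the `Cert` field names are assumptions; the code only locates certificates, so verifying the signature on each link is a separate step.

```python
import hashlib
from collections import defaultdict, namedtuple

# Assumed certificate shape: no DNs, only key hashes plus a free-text Meaning.
Cert = namedtuple("Cert", "signed_key_hash certifier_key_hash meaning")
PREFIX_LEN = 2  # bytes of the hash used as the table index (assumption)

def key_hash(public_key: bytes) -> bytes:
    # SHA-256 is an assumption; the message does not name a hash function.
    return hashlib.sha256(public_key).digest()

class CertIndex:
    def __init__(self):
        self.buckets = defaultdict(list)

    def add(self, cert):
        # The hash is stored in the cert, so indexing needs no new hashing.
        self.buckets[cert.signed_key_hash[:PREFIX_LEN]].append(cert)

    def find(self, signed_key_hash):
        # The prefix only selects a bucket; the full hash decides the match,
        # so two keys that share a prefix are never confused.
        bucket = self.buckets.get(signed_key_hash[:PREFIX_LEN], [])
        return [c for c in bucket if c.signed_key_hash == signed_key_hash]

    def chain_to(self, start, trusted, seen=frozenset(), max_depth=16):
        """Return the certs linking key hash `start` up to `trusted`, or None.
        Tries every certifier of a key; stops on loops and over-long chains."""
        if start == trusted:
            return []
        if start in seen or len(seen) >= max_depth:
            return None
        for cert in self.find(start):
            rest = self.chain_to(cert.certifier_key_hash, trusted,
                                 seen | {start}, max_depth)
            if rest is not None:
                return [cert] + rest
        return None  # missing link: no cert for this key leads to `trusted`

if __name__ == "__main__":
    # Constructed sample keys, not real key material.
    root, ca, leaf = (key_hash(k) for k in (b"root", b"ca", b"leaf"))
    index = CertIndex()
    index.add(Cert(ca, root, "intermediate"))
    index.add(Cert(leaf, ca, "end entity"))
    for cert in index.chain_to(leaf, root):
        print(cert.signed_key_hash.hex()[:16], cert.meaning)
```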