Re: [smime] Use of subjectKeyIdentifier

Russ Housley <housley@vigilsec.com> Wed, 31 March 2010 18:25 UTC

Message-ID: <4BB39387.60209@vigilsec.com>
Date: Wed, 31 Mar 2010 14:25:11 -0400
From: Russ Housley <housley@vigilsec.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: smime@ietf.org
References: <4BB38427.40502@stroeder.com>
In-Reply-To: <4BB38427.40502@stroeder.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
Subject: Re: [smime] Use of subjectKeyIdentifier

I think it would be better to use the issuer/serial approach in that
case.  There is more than one way to compute the subjectKeyIdentifier
value, even if one is preferred.  So, it would be ambiguous if the
extension was not included in the certificate.

Russ

On 3/31/2010 1:19 PM, Michael Ströder wrote:
> Hi!
> 
> If an S/MIME cert does not contain a subjectKeyIdentifier extension, is a
> sending S/MIME MUA allowed to generate RecipientInfos referencing the
> receiver's cert by (self-calculated) subjectKeyIdentifier (instead of issuer
> name and serial number)?
> 
> IMHO RFC 5750 is not really clear on that.
> 
> Ciao, Michael.
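The ambiguity Russ describes can be made concrete: RFC 5280 section 4.2.1.2 gives two ways to derive a key identifier from the subjectPublicKey BIT STRING, and RFC 7093 (published later, in 2013) added SHA-2 based ones, so a sender's "self-calculated" value only matches if the receiver guesses the same derivation. The Python below is an added example, not code from this thread or from any MUA; the minimal DER helpers and the sample SubjectPublicKeyInfo are my own constructions, and it shows how a receiving MUA whose certificate carries no SKI would have to try every derivation to recognise a RecipientInfo.

```python
import hashlib

def der(tag, body):
    """Encode one DER TLV (short-form length only; enough for the sample)."""
    return bytes([tag, len(body)]) + body

def der_read(buf):
    """Decode one DER TLV; returns (tag, value, remaining bytes)."""
    tag, n, i = buf[0], buf[1], 2
    if n & 0x80:                      # long-form length
        k = n & 0x7F
        n, i = int.from_bytes(buf[2:2 + k], "big"), 2 + k
    return tag, buf[i:i + n], buf[i + n:]

def subject_public_key_bits(spki_der):
    """Return the subjectPublicKey BIT STRING contents (tag, length and
    unused-bits octet excluded); this is the input RFC 5280 says to hash."""
    tag, body, _ = der_read(spki_der)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _, rest = der_read(body)       # skip AlgorithmIdentifier
    tag, bits, _ = der_read(rest)
    if tag != 0x03 or bits[0] != 0:
        raise ValueError("expected a BIT STRING with no unused bits")
    return bits[1:]

def candidate_skis(spki_der):
    """The standard derivations of a key identifier from one public key."""
    bits = subject_public_key_bits(spki_der)
    sha1 = hashlib.sha1(bits).digest()
    return {
        "rfc5280-1": sha1,                                          # 160-bit SHA-1
        "rfc5280-2": bytes([0x40 | (sha1[-8] & 0x0F)]) + sha1[-7:],  # 0100 + low 60 bits
        "rfc7093-1": hashlib.sha256(bits).digest()[:20],            # leftmost 160 bits of SHA-256
    }

def identify_method(spki_der, ski):
    """Which derivation, if any, produced ski for this key; None if none did."""
    for name, value in candidate_skis(spki_der).items():
        if value == ski:
            return name
    return None

# Constructed sample SubjectPublicKeyInfo (rsaEncryption); not a real key.
_MODULUS = bytes.fromhex("00c0ffee0123456789abcdef00112233445566778899")
SAMPLE_RSA_KEY_DER = der(0x30, der(0x02, _MODULUS) + der(0x02, b"\x01\x00\x01"))
_ALG = der(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")
SAMPLE_SPKI = der(0x30, _ALG + der(0x03, b"\x00" + SAMPLE_RSA_KEY_DER))

if __name__ == "__main__":
    for name, value in candidate_skis(SAMPLE_SPKI).items():
        print(f"{name}: {value.hex()}")
```

Each derivation yields a different identifier for the same key, which is why a receiver cannot tell from the RecipientInfo alone which rule the sender applied unless the certificate itself pins the value.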