RE: Request change in son-of-rfc2633

pgut001@cs.auckland.ac.nz (Peter Gutmann) Wed, 29 October 2003 04:41 UTC

Date: Wed, 29 Oct 2003 17:05:24 +1300
Message-Id: <200310290405.h9T45OE08868@cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz
To: blake@brutesquadlabs.com, housley@vigilsec.com, jimsch@exmsft.com, pgut001@cs.auckland.ac.nz
Subject: RE: Request change in son-of-rfc2633
Cc: ietf-smime@imc.org
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>

Russ Housley <housley@vigilsec.com> writes:

>Further, if there is a collision, an implementation can try the very small
>number of public keys that have the same identifier.

How does it know when to stop looking for more certs?  For example, what if it
can only find one cert and it's the wrong one?

Peter.