RE: Request change in son-of-rfc2633

"Blake Ramsdell" <blake@brutesquadlabs.com> Tue, 28 October 2003 02:31 UTC

From: Blake Ramsdell <blake@brutesquadlabs.com>
To: 'Peter Gutmann' <pgut001@cs.auckland.ac.nz>, jimsch@exmsft.com
Cc: ietf-smime@imc.org
Subject: RE: Request change in son-of-rfc2633
Date: Mon, 27 Oct 2003 17:55:18 -0800
In-Reply-To: <200310280132.h9S1WSx01353@cs.auckland.ac.nz>
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>

> -----Original Message-----
> From: Peter Gutmann [mailto:pgut001@cs.auckland.ac.nz] 
> Sent: Monday, October 27, 2003 5:32 PM
> To: blake@brutesquadlabs.com; jimsch@exmsft.com; pgut001@cs.aucKland.ac.nz
> Cc: ietf-smime@imc.org
> Subject: RE: Request change in son-of-rfc2633
> 
> Given the recent debate over the use of keyIDs on the PKIX list, shouldn't
> this be:
> 
>   S/MIME vAnything MUST NOT rely on the use of subjectKeyIdentifier in
>   messages.

My understanding of the discussion is that there could be multiple
certificates with the same SKI.  Do we need to clarify our language to
warn that there might be multiple certificates that match a particular
SKI, and you should just try out each one until you find one that works?
We'll probably need to discuss the implications of this.

Apparently I was one of the deluded folks that believed that SKI was
meant to be globally unique.

Blake
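
The lookup behaviour raised in the reply above, as an added example that is not part of the original message: a certificate store that returns every certificate matching an SKI and tries each one, next to a first-match lookup that assumes the SKI is unique. The `Cert` type, the store, the sample data and the use of HMAC-SHA256 in place of a real signature are all assumptions made for the illustration.

```python
import hashlib, hmac
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:  # minimal stand-in for an X.509 certificate (hypothetical type)
    issuer: str
    serial: int
    ski: bytes  # subjectKeyIdentifier value
    key: bytes  # stand-in for the subject's key

def ski_from_key(key):
    # Common derivation: SHA-1 over the key bits, so same key => same SKI.
    return hashlib.sha1(key).digest()

def sign(key, msg):
    # ASSUMPTION: HMAC-SHA256 stands in for a real signature (stdlib only).
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(cert, msg, sig):
    return hmac.compare_digest(sign(cert.key, msg), sig)

class CertStore:
    def __init__(self, certs):
        self._by_ski = defaultdict(list)  # one SKI -> many certificates
        for c in certs:
            self._by_ski[c.ski].append(c)

    def candidates(self, ski):
        return list(self._by_ski.get(ski, []))

    def first_match(self, ski):
        # Fragile: treats the SKI as if it were globally unique.
        found = self.candidates(ski)
        return found[0] if found else None

    def resolve(self, ski, msg, sig):
        # Try every candidate; keep those whose key verifies the signature.
        return [c for c in self.candidates(ski) if verify(c, msg, sig)]

# Constructed sample data (not real certificates or keys).
KEY_A, KEY_B = b"constructed-key-A", b"constructed-key-B"
SKI = ski_from_key(KEY_A)
STORE = CertStore([
    Cert("CN=Example CA Two", 7, SKI, KEY_B),  # other key, same SKI value
    Cert("CN=Example CA One", 1, SKI, KEY_A),  # original certificate
    Cert("CN=Example CA One", 2, SKI, KEY_A),  # renewal reusing the key
])
MSG = b"constructed message"
SIG = sign(KEY_A, MSG)
```

With this data `first_match` picks a certificate whose key does not verify the message, while `resolve` returns the two certificates that do.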