Re: LDAP Certificate transfer syntax
Phil Griffin <phil.griffin@asn-1.com> writes:
>It is only when someone tries to reconstruct the certificate from its values
>using the strict DER subset of BER that a mismatch with the signature due to
>BER/DER differences in the encoding can arise.
This would be a problem if anyone actually did this. Anyone mad enough to even
try it quickly finds that 90% of signatures fail to verify after the
re-coding, and falls back to doing what everyone else does, which is treat the
signed object as a blob which you don't touch (the same with DNs in certs and
many other things).
Peter (who actually tried re-coding DNs into the correct form for a while, but
quickly gave up, and who never even tried with certs).
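
Added example, not part of the original message: a small Python sketch of why re-coding a signed BER object into DER breaks verification while treating it as an untouched blob does not. The sample bytes are constructed, the helper names are hypothetical, and a SHA-256 digest stands in for the value a real signature would cover.

```python
import hashlib

# Constructed sample: valid BER but not DER. Both lengths use the long form
# (0x81 nn) where the short form fits, and BOOLEAN TRUE is 0x01, not 0xFF.
BER_SIGNED = bytes.fromhex("30810d" "138107" "4578616d706c65" "010101")

def read_tlv(buf, pos):
    """Parse one BER TLV (single-byte tags, definite lengths only)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length not handled in this sketch")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def der_len(n):
    """DER length octets: short form below 128, otherwise minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def to_der(buf):
    """Re-code a run of BER TLVs as DER (minimal lengths, TRUE = 0xFF)."""
    out, pos = b"", 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag & 0x20:                      # constructed: re-code the contents
            value = to_der(value)
        elif tag == 0x01 and value != b"\x00":
            value = b"\xff"                 # canonical BOOLEAN TRUE
        out += bytes([tag]) + der_len(len(value)) + value
    return out

def digest(blob):
    """Stand-in for the hash a signature is computed over."""
    return hashlib.sha256(blob).hexdigest()

if __name__ == "__main__":
    signed_over = digest(BER_SIGNED)        # what the signer actually hashed
    print("blob kept as received:", digest(BER_SIGNED) == signed_over)
    print("after DER re-coding:  ", digest(to_der(BER_SIGNED)) == signed_over)
```

Both encodings decode to the same values, yet only the digest of the bytes as received matches what the signer hashed.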