Re: [TLS] rfc4366-bis-03 Discuss #2: hash alg. agility for TrustedCA?

To: Alfred =?hp-roman8?B?SM5uZXM=?= <ah at tr-sys.de>
Subject: Re: [TLS] rfc4366-bis-03 Discuss #2: hash alg. agility for TrustedCA?
From: Simon Josefsson <simon at josefsson.org>
Date: Wed, 22 Oct 2008 10:56:01 +0200
Cc: tls at ietf.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <200810212000.WAA27701 at TR-Sys.de> (Alfred's message of "Tue, 21 Oct 2008 22:00:42 +0200 (MESZ)")
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <200810212000.WAA27701 at TR-Sys.de>
Sender: tls-bounces at ietf.org
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux)

Alfred "=?hp-roman8?B?SM5uZXM=?=" <ah at tr-sys.de> writes:

> (B)  Non-uniqueness of x509_name in Trusted CA Keys TLS extension
>
> The 3rd-to-last paragraph of Section 6 in the -03 version
> of the rfc4366-bis draft states:
>
> !  Note also that it is possible that a key hash or a Distinguished Name
> !  alone may not uniquely identify a certificate issuer (for example, if
> !  a particular CA has multiple key pairs). However, here we assume this
> !  is the case following the use of Distinguished Names to identify
> !  certificate issuers in TLS.
>
> It seems rather unlikely that this non-uniqueness happens for
> a key hash.

Can't you have multiple CA certificates for the same key?

/Simon
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] rfc4366-bis-03 Discuss #2: hash alg. agility for TrustedCA?
  - From: Dean Anderson

References:
- [TLS] rfc4366-bis-03 Discuss #2: hash alg. agility for TrustedCA?
  - From: Alfred Hönes

Prev by Date: [TLS] rfc4366-bis-03 Discuss #3: Applicability of MAC Truncation
Next by Date: [TLS] New Version Notification - draft-rescorla-tls-suiteb-09.txt
Previous by thread: [TLS] rfc4366-bis-03 Discuss #2: hash alg. agility for TrustedCA?
Next by thread: Re: [TLS] rfc4366-bis-03 Discuss #2: hash alg. agility for TrustedCA?
Index(es):
- Date
- Thread

Re: [TLS] rfc4366-bis-03 Discuss #2: hash alg. agility for TrustedCA?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.