On 31.03.2010 19:00, Michael Ströder wrote:
> Strange because my e-mail cert does not have subjectKeyIdentifier at all.
>
> Hmm, in theory a S/MIME MUA could calculate it on-the-fly even if the cert
> does not have one and build a lookup table. Maybe it's worth to look what RFC
> 5750 says about it...
That aspect is covered by the CMS spec, actually. From RFC 5652, section
6.2.1:
When an X.509
certificate is referenced, the key identifier matches the X.509
subjectKeyIdentifier extension value.
IOW, Outlook shouldn't use this format for referring to this particular
cert. Also, noted that RFC 5280 only mentions "two common methods for
generating key identifiers", there is no single standardized way for
calculating the key id.
Kaspar
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
