scd: ambiguous certificate IDs for pkcs#15 certificates

Werner Koch wk at gnupg.org
Mon Feb 19 16:53:04 CET 2024


On Mon, 19 Feb 2024 16:33, Mario Haustein said:

> your solution sounds much simpler than mine and should solve the problem 
> with record files as well. Maybe it's a good idea to separate the counter from 
> the ID by an additional '.', isn't it?

Much more work and code unfortunately.

> At least it shifts the problem from getting the root certificate to just 
> verifying the fingerprint of the root certificate. The latter approach is more 
> robust for end-users IMHO.

Right.

> It seems the counter is application-global, but collision detection is just 
> scoped to the object directory.

Good attach.  Please add the attached patch.


Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-scd-p15-Check-all-cert-stores-for-dups.patch
Type: text/x-diff
Size: 1353 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20240219/b197c88e/attachment.patch>