Bug in certificate management
Werner Koch
wk@gnupg.org
Mon Aug 25 09:48:01 2003
On Sun, 24 Aug 2003 19:52:12 +0200, Robert Schiele said:
> mail, then the certificate is automatically stored into the key database, but
> the chain to the root certificate is incorrect. Importing the correct root
> certificate (availlable from
> http://www.trustcenter.de/certservices/cacerts/tcclass1-2011.pem) afterwards
> does not fix the problem:
Intersting: The 02 and the 03E9 certificates are nearly indentical;
the merely differ in the serial number but the subject and (because they
areroot certs) the issuer DNs are all identical. Thus it is not
possible to unambiguously identify the cert.
According to the Sphinx specs the use of the authorityKeyIdentifier is
required to solve this ambiguity. PKIX also suggest this. The only
way we can solve this is by trying all available root certs in turn.
--
Werner Koch <wk@gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org