scd: ambiguous certificate IDs for pkcs#15 certificates
Werner Koch
wk at gnupg.org
Mon Feb 19 16:53:04 CET 2024
On Mon, 19 Feb 2024 16:33, Mario Haustein said:
> your solution sounds much more simpler than mine and should solve the problem
> with record files as well. Maybe it's a good idea to separate the counter from
> the ID by an additional '.', isn't it?
Much more work and code unfortunately.
> At least it shifts the problem from getting the root certificate to just
> verifying the fingerprint of the root certificate. The latter approach is more
> robust for end-users IMHO.
Right.
> It seems the counter is application-global, but collision detection is just
> scoped to the object directory.
Good attach. Please add the attached patch.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-scd-p15-Check-all-cert-stores-for-dups.patch
Type: text/x-diff
Size: 1353 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20240219/b197c88e/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20240219/b197c88e/attachment.sig>
More information about the Gnupg-devel
mailing list