On Sat, 2 Nov 2002, Vadim Fedukovich wrote: > On Fri, Nov 01, 2002 at 12:51:24AM +0100, Fr�d�ric Giudicelli via RT wrote: > > > > Well Microsoft support tells me it's openssl's fault, and you tell me it's > > microsoft's ? > > It's dead end, what am I supposed to tell my clients ? > > Well, Microsoft and openssl are not the only code available. > Would you accept a well-done one from IBM? The SET wallet was tested > to accept certificates hierarchy with AKI extension in merchant certificate > referring brand CA, not merchant CA name.
You're right, that's how it's done in the SET hierarchy. The keyIdentifier is not used, the only valid content for the authorityKeyIdentifier is the issuer's name of the issuer certificate, packed with the issuer's certificate serial number. -- Erwann ABALEA <[EMAIL PROTECTED]> - RSA PGP Key ID: 0x2D0EABD5 ----- Et puis, je sais que �a ne se fait pas de reprendre sur l'orthographe, mais l'usage Usenetien veut qu'on �crive "scan�eur". En ajoutant "f�ssiste", pour faire bonne mesure. -+- XH in <http://neuneu.mine.nu> : L'heptalingue sans peine -+- ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
