* Message by -Lasse Kliemann- from Thu 2009-05-14:
> I thought that maybe including the certificate _fingerprint_
> would be a good idea, when using OpenSSL. Then, recipients can
> sort their trusted certificates by fingerprint. However, it
> appears to be common practice to sort certificates by their
> _subject hash_ instead. What is the reason for using the
> subject hash instead of the certificate fingerprint?

I just realized, it's most likely because the fingerprint would point to *one* specific certificate, whereas a recipient is more interested in *any* trusted certificate that connects the subject (which we assume to be named in the document) with a public key that will verify the signature.

So, maybe it is the best solution to include the subject hash. Comments on this are still welcome, however!

BTW, if I am given the subject name as a human-readable string, how do I compute the subject hash (in the sense of 'openssl x509 -hash ...') from it?
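
The difference discussed in this message, as an added example that is not part of the original post: two certificates with the same subject but different keys share a subject hash while their fingerprints differ, so both can sit in a hash-named directory as `<hash>.0` and `<hash>.1`. It assumes the `openssl` command-line tool is on the PATH; the subject name is a constructed sample and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message).
# SUBJ is a constructed sample subject name.
SUBJ="/C=DE/O=Example Org/CN=Example Signer"

# make_cert DIR NAME: new RSA key plus a self-signed certificate for $SUBJ.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$SUBJ" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Hash of the subject name only (same value as 'openssl x509 -hash').
subject_hash() { openssl x509 -in "$1" -noout -subject_hash; }

# SHA-256 fingerprint of the whole certificate.
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# install_cert CERT STORE: copy CERT into STORE as <subject hash>.<n>,
# taking the first free n, so several certificates for one subject coexist.
install_cert() {
    h=$(subject_hash "$1") || return 1
    n=0
    while [ -e "$2/$h.$n" ]; do n=$((n + 1)); done
    cp "$1" "$2/$h.$n" && echo "$h.$n"
}

# demo: two certificates, same subject, different keys.
demo() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/store"
    make_cert "$dir" a && make_cert "$dir" b || { rm -rf "$dir"; return 1; }
    ha=$(subject_hash "$dir/a.pem"); hb=$(subject_hash "$dir/b.pem")
    fa=$(fingerprint "$dir/a.pem"); fb=$(fingerprint "$dir/b.pem")
    sa=$(install_cert "$dir/a.pem" "$dir/store")
    sb=$(install_cert "$dir/b.pem" "$dir/store")
    rm -rf "$dir"
    [ "$ha" = "$hb" ] && echo "subject hash: same" || echo "subject hash: differ"
    [ "$fa" = "$fb" ] && echo "fingerprint: same" || echo "fingerprint: differ"
    echo "stored as: ${sa#*.} ${sb#*.}"
}

demo
```

Hashing a throwaway certificate that carries the subject, as `make_cert` and `subject_hash` do, is one way to get the hash for a given subject string. The value depends on the OpenSSL version: releases from 1.0.0 on use a different algorithm and offer `-subject_hash_old` for the earlier value.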