On 11/11/2009 06:26:04 AM, David Sommerseth wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 11/11/09 12:06, Mathieu GIANNECCHINI wrote:
> > Victor Wagner a écrit :

> >> But if entire certificate would be available, it would be possible
> to
> >> extract any information from it (or hash it with any algorithm)
> from the
> >> script using openssl command line utility or some binding or
> OpenSSL
> >> libraries to the choosen script language.

> Indeed!  And you're about to get my vote for this implementation ...
> but
> I have two concerns.

> 2) If an attacker sends a certificate with his certificate and 999 CA
> certificates in a chain, what will happen?  What happens if the disk
> goes full or the certificate cannot be written?

You're a lot less likely to fill the disk than you are to run out
of RAM.

Karl <k...@meme.com>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein


Reply via email to