On 11/11/2009 06:26:04 AM, David Sommerseth wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 11/11/09 12:06, Mathieu GIANNECCHINI wrote:
> > Victor Wagner a écrit :
> >> But if entire certificate would be available, it would be possible
> to
> >> extract any information from it (or hash it with any algorithm)
> from the
> >> script using openssl command line utility or some binding or
> OpenSSL
> >> libraries to the choosen script language.
> Indeed! And you're about to get my vote for this implementation ...
> but
> I have two concerns.
> 2) If an attacker sends a certificate with his certificate and 999 CA
> certificates in a chain, what will happen? What happens if the disk
> goes full or the certificate cannot be written?
You're a lot less likely to fill the disk than you are to run out
of RAM.
Karl <k...@meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
