On 11/11/2009 06:26:04 AM, David Sommerseth wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 11/11/09 12:06, Mathieu GIANNECCHINI wrote:
> > Victor Wagner wrote:
> >> But if entire certificate would be available, it would be possible to
> >> extract any information from it (or hash it with any algorithm) from the
> >> script using openssl command line utility or some binding or OpenSSL
> >> libraries to the chosen script language.
>
> Indeed! And you're about to get my vote for this implementation ... but
> I have two concerns.
>
> 2) If an attacker sends a certificate with his certificate and 999 CA
> certificates in a chain, what will happen? What happens if the disk
> goes full or the certificate cannot be written?

You're a lot less likely to fill the disk than you are
to run out of RAM.

Karl <k...@meme.com>
Free Software: "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
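
Concern 2 in the thread above, handled on the receiving side: an added example (not code from this thread or from the project under discussion) that caps the number and total size of peer-supplied certificates before hashing each one with a caller-chosen algorithm. The limits, the function names and the PEM-shaped sample data are assumptions constructed for illustration.

```python
import base64
import hashlib
import re
import ssl

MAX_CERTS = 8                  # assumed cap on chain length
MAX_CHAIN_BYTES = 64 * 1024    # assumed cap on total PEM text size

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


class ChainRejected(Exception):
    """The peer-supplied chain exceeded a configured bound."""


def fingerprint_chain(pem_text, algorithm="sha256"):
    """Return one hex digest per certificate, refusing oversized chains."""
    # Check the total size first, so a huge input is refused before any
    # decoding, buffering or writing to disk takes place.
    if len(pem_text) > MAX_CHAIN_BYTES:
        raise ChainRejected("chain larger than %d bytes" % MAX_CHAIN_BYTES)
    digests = []
    for match in PEM_RE.finditer(pem_text):
        if len(digests) >= MAX_CERTS:
            raise ChainRejected("more than %d certificates" % MAX_CERTS)
        # Hash the DER encoding, which is what fingerprints are computed over.
        der = ssl.PEM_cert_to_DER_cert(match.group(0))
        digests.append(hashlib.new(algorithm, der).hexdigest())
    return digests


def constructed_pem(payload):
    """Wrap arbitrary bytes in PEM armour (constructed data, not a real cert)."""
    body = base64.encodebytes(payload).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    short = "".join(constructed_pem(b"cert %d" % i) for i in range(3))
    print(fingerprint_chain(short, "sha1"))
    long_chain = "".join(constructed_pem(b"ca %d" % i) for i in range(1000))
    try:
        fingerprint_chain(long_chain)
    except ChainRejected as exc:
        print("rejected:", exc)
```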