[Jsdsi-users] RE: Certificates proof
From: Sean R. <sra...@ae...> - 2004-06-24 15:16:26
On Thu, 2004-06-24 at 12:01, Luis Pedro wrote:
> Sean,
>
> I'm using LDAPCertStore but I'm sure that the problem isn't from the
> CertStore. Because LDAPCertStore class is almost equal to CertStore (uses
> jsdsi CertSelectors), the difference is that it makes connections to an LDAP.
> I'll try to explain better.

Yes, I agree there should be no difference. My only thinking is that I
believe that jsdsi.CertStore does not allow certificates that result in
a circular reference to be inserted, whereas I'm sure LDAPCertStore does
- though as you correctly point out below: the tags are different so how
could a circular reference be the problem.

> Case (certs on the certstore):
> 1. (key1 key2 (* set write save) (prop))
> 2. (key2 key3 (* set write save) (prop))
> 3. (key1 key3 (* set open send) (prop))
> 4. (key3 key2 (* set open send) (prop))
>
> Trying to prove (key1 key3 (save) (prop)) fails but if I try (key1 key2
> (open) (prop)) the proof succeeds. If I delete cert n.º 4 and then make the
> proof (key1 key3 (save) (prop)), the proof succeeds!!

so
prove (key1 key2 (open) (prop)) gives Proof with Cert3->Cert4 ?
but
prove (key1 key3 (save) (prop)) gives no proof found? when it should give
Proof with Cert1->Cert2
then you delete Cert4 and
prove (key1 key3 (save) (prop)) gives proof with Cert1->Cert2?

Hmm... well if LDAPCertStore is retrieving Certificates correctly this
suggests a problem with the Prover?
(I'm in the process of developing a JDBC Cert Store - I'll test your
scenario with that as soon as it is capable... won't be till Sunday I
reckon)

> I asked you because I have seen some mails about the circular references. In
> all tests that I've done the problem is always when a case (key2 key3) and
> (key3 key2) occurs. This can be seen as a circular reference (based on the
> keys). What I don't understand is, if this happens but the tags are different,
> how can this be seen as a circular reference.
> It is almost like I give you a
> permission to read file "abc.txt" and you can't give permission to read file
> "xpto.txt"!!
>
> Thanks,
>
> -- Luis Pedro
>
> » -----Original Message-----
> » From: Sean Radford [mailto:sra...@ae...]
> » Sent: Thursday, 24 June 2004 1:25
> » To: Luis Pedro
> » Cc: users jsdsi
> » Subject: Re: Certificates proof
> »
> » On Wed, 2004-06-23 at 18:18, Luis Pedro wrote:
> » > Hi Sean,
> » >
> » > I'm having a problem or maybe I'm understanding things wrong!
> » >
> » > Imagine that I've three keys (key1, key2 and key3)
> » >
> » > Now I make these certs:
> » >
> » > (key1 key2 (*set write save) (prop))
> » > (key2 key3 (*set write save) (prop))
> » >
> » > And store them on a certstore. I make some proofs and
> » > everything goes right.
> » What proofs are you asking?
> » I presume that you are using your LDAP CertStore? (if so,
> » have you tried
> » with the 'normal' jsdsi in-memory CertStore (jsdsi.CertStore)?
> »
> » > Now I make two more certs:
> » >
> » > (key1 key3 (*set open send) (prop))
> » > (key3 key2 (*set open send) (prop))
> » >
> » > And store them on the same certstore.
> » >
> » > When I try to make proofs with the last two certs all
> » > goes right, but with
> » > the first ones when I try to make a proof all goes
> » > wrong and this didn't
> » > happen before I insert the last ones on the certstore!!
> » What exactly happens when it goes wrong?
> » Maybe something to do with the circular reference in the
> » certificate structure?
> » Though I asked Sameer about 3 months ago regarding
> » circular references and he was
> » confident that he had made steps to prevent this - though
> » that might have been only
> » when using jsdsi.CertStore.
> »
> » Sean
> »
> » > Can you explain to me why this happens? The keys are the
> » > same but the tags aren't
> » > the same. What can be happening?
> » >
> » > Thanks,
> » >
> » > -- Luis Pedro
> » --
> » Dr. Sean Radford, MBBS, MSc
> » sra...@ae...
> » http://www.aegeus-technology.com

--
Dr. Sean Radford, MBBS, MSc
sra...@ae...
http://www.aegeus-technology.com