W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

ACTION-306: Trust anchors

From: Thomas Roessler <tlr@w3.org>
Date: Wed, 25 Feb 2009 15:23:37 +0100
Message-Id: <C771AF44-98EB-419B-B761-F53C13CBD4EA@w3.org>
To: "public-webapps@w3.org WG" <public-webapps@w3.org>
I propose that we add te following text in the beginning of 6.2:

> The validation procedure given in this section describes extensions  
> to XML Signature Core Validation.  In addition to the steps defined  
> in these two specifications, user agents MUST perform Basic Path  
> Validation [RFC 5280] on the signing key.  The set of acceptable  
> trust anchors, and policy decisions based on the signer's identity  
> are established through a security-cirtical out-of-band mechanism.

(If somebody can think of something nicer to say, that's fine as  
well.  Note that the Basic Path Validation requirement isn't really  
new -- it's implicit to our use of X.509, if done properly.   
Nevertheless, worth calling out properly.)

--
Thomas Roessler, W3C  <tlr@w3.org>
Received on Wednesday, 25 February 2009 14:23:49 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:30 GMT