W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

Re: Indicating certificate order in XML Dig Sig

From: Marcos Caceres <marcosscaceres@gmail.com>
Date: Mon, 27 Jun 2011 18:05:34 +0100
Message-ID: <BANLkTi=2CWW45z-YjqPzYOztL11HX8dtGQ@mail.gmail.com>
To: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Cc: public-webapps <public-webapps@w3.org>, Thomas Roessler <tlr@w3.org>, "Frederick.Hirsch@nokia.com" <frederick.hirsch@nokia.com>, Kai Hendry <kai.hendry@wacapps.net>, Paddy Byers <paddy.byers@gmail.com>
On Mon, Jun 20, 2011 at 3:21 PM, Cantor, Scott E. <cantor.2@osu.edu> wrote:
> On 6/20/11 8:37 AM, "Marcos Caceres" <marcosscaceres@gmail.com> wrote:
>>Is there some means to explicitly indicate the order in which
>>certificates in an xml dig sig file should be processed? The problem
>>is that if you screw up the certificate order in the xml file, the
>>validator (e.g,. xmlsec) does not know which cert is the end-entity.
> BP is EE first, the rest after (and technically the order of the rest
> isn't supposed to matter).

Can I get an assurance from the XML Sec working group that a
non-normative note will be added to the XML Dig Sig specification wrt
to this best practice? Please consider this comment implementer
feedback on the CR.

Marcos Caceres
Received on Monday, 27 June 2011 17:06:23 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 20 October 2015 13:55:42 UTC