W3C home > Mailing lists > Public > public-xmlsec@w3.org > November 2008

RE: Certificate = DER ?

From: Scott Cantor <cantor.2@osu.edu>
Date: Fri, 7 Nov 2008 15:16:48 -0500
To: "'Frederick Hirsch'" <frederick.hirsch@nokia.com>
Cc: "'XMLSec WG Public List'" <public-xmlsec@w3.org>
Message-ID: <081f01c94115$c344e280$49cea780$@2@osu.edu>

> Would now be a good time for a concrete proposal for language or
> should we wait for more discussion first?

For the existing generation spec, or some subsequent revision?

Going forward, the fix IMHO is either using a URI-valued Encoding attribute
inside the X509Certificate element, or defining the future version of
ds:X509Certificate to be DER (or perhaps DER/BER) only and requiring
alternate encodings to be defined with extended X509Data children.

I believe somebody expressed a strong preference for the latter, and that's
arguably cleaner.

-- Scott
Received on Friday, 7 November 2008 20:17:31 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:10 UTC