W3C home > Mailing lists > Public > public-xmlsec@w3.org > November 2008

RE: Certificate = DER ?

From: Magnus Nyström <magnus@rsa.com>
Date: Mon, 10 Nov 2008 10:33:06 +0100 (W. Europe Standard Time)
To: "'XMLSec WG Public List'" <public-xmlsec@w3.org>
cc: "'Frederick Hirsch'" <frederick.hirsch@nokia.com>
Message-ID: <Pine.WNT.4.64.0811101023330.7876@W-JNISBETTEST-1.tablus.com>

Scott and all,

As I wrote last week, I guess my concern with this would be that the 
sender may not know whether his certificate (chain) is DER, BER, (or 
anything else) encoded. And furthermore he may not be in a position to 
modify it, should it turn out that it is BER and XML Sec requires DER.

-- Magnus

On Fri, 7 Nov 2008, Scott Cantor wrote:

>> Would now be a good time for a concrete proposal for language or should 
>> we wait for more discussion first?
>
> For the existing generation spec, or some subsequent revision?
>
> Going forward, the fix IMHO is either using a URI-valued Encoding 
> attribute inside the X509Certificate element, or defining the future 
> version of ds:X509Certificate to be DER (or perhaps DER/BER) only and 
> requiring alternate encodings to be defined with extended X509Data 
> children.
>
> I believe somebody expressed a strong preference for the latter, and 
> that's arguably cleaner.
Received on Monday, 10 November 2008 09:33:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:55 GMT