W3C home > Mailing lists > Public > public-xmlsec@w3.org > November 2008

RE: Certificate = DER ?

From: Scott Cantor <cantor.2@osu.edu>
Date: Mon, 10 Nov 2008 16:01:23 -0500
To: <Sean.Mullan@Sun.COM>
Cc: "'Magnus Nyström'" <magnus@rsa.com>, "'XMLSec WG Public List'" <public-xmlsec@w3.org>, "'Frederick Hirsch'" <frederick.hirsch@nokia.com>
Message-ID: <00a801c94377$7d612ee0$78238ca0$@2@osu.edu>

> I think I'm ok with this but I don't think we should be any more
> specific, such as stating the DER encoded certificate MUST be 100%
> compliant with PKIX/RFC 5280. (I don't think this is what you are
> suggesting, but I think it is worth mentioning just in case).

No, I'm definitely not suggesting that, and I agree with that. I am in favor
of as few dependencies on 5280 as possible, simply because so many things
that depend on dsig and the use of certificates that are nominally "X.509"
don't have any intention of actually following PKIX to any significant
degree.

-- Scott
Received on Monday, 10 November 2008 21:03:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:55 GMT